Parasoft Jtest Report
Jtest 2022.2.1

Session Summary
Build ID: CICD_Parabank-2023-07-26
Test Configuration: C:\jenkins\workspace\cicd.findings.jtest.parabank\jtest_settings.properties
Started: 2023-07-26T16:52:57+08:00
Performed on: DESKTOP-FCE4ITJ by devtest
Session Tag: cicd_Parabank
Project: CICD_Parabank

Static Analysis Severity 1 Findings: 241
 
Summary - Static Analysis
standard_summary_07-26-23_16-52-57.jpeg
 
Details - Static Analysis
Static Analysis

Module   Findings   Files  Lines
suppressed total per 10,000 lines checked total checked total
 com.parasoft:parabank  0  7275  4521   169  169   16089  16089 
 Total [0:01:08]  0   7275   4521  169  169  16089  16089 

 
All Findings by Category
Category  |  Severity   

  [29]   APSC_DV.001460 An application vulnerability assessment must be conducted. (APSC_DV.001460) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (APSC_DV.001460.NTERR-2) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (APSC_DV.001460.NTX-2) 
        [4]   Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (APSC_DV.001460.OROM-2) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (APSC_DV.001460.UPS-2) 
  [8]   APSC_DV.002500 The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities. (APSC_DV.002500) 
        [8]   Validate all dangerous data (APSC_DV.002500.VPPD-2) 
  [713]   APSC_DV.003215 The application development team must follow a set of coding standards. (APSC_DV.003215) 
        [10]   Use '()' to separate complex expressions (APSC_DV.003215.APAREN-3) 
        [67]   Enforce number of blank line(s) before type declarations (APSC_DV.003215.BLCD-3) 
        [28]   Enforce number of blank line(s) to separate "imports" from different packages (APSC_DV.003215.BLSIM-3) 
        [1]   Place a single space character or no space character after type casting (APSC_DV.003215.CMS-3) 
        [17]   Enforce the position of '{' brace (APSC_DV.003215.FCB-3) 
        [6]   Declare arrays with '[]' brackets after the array type and before the variable name(s) (APSC_DV.003215.IAD-3) 
        [138]   Enforce number of space(s) for indentation (APSC_DV.003215.IND-3) 
        [92]   Limit the maximum length of a line (APSC_DV.003215.LL-3) 
        [65]   Include a meaningful file header comment in every source file (APSC_DV.003215.MCH-3) 
        [1]   Enforce number of space character(s) after every comma (APSC_DV.003215.SAC-3) 
        [23]   Enforce number of space character(s) on each side of an assignment operator (APSC_DV.003215.SAOP-3) 
        [73]   Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement (APSC_DV.003215.SAP-3) 
        [1]   Enforce number of space character(s) before and after the "?" conditional operator (APSC_DV.003215.SCOP-3) 
        [4]   Avoid using trailing comments (APSC_DV.003215.TC-3) 
        [14]   Make sure all files are terminated with a newline character (APSC_DV.003215.TNL-3) 
        [173]   Enforce number of blank line(s) between major sections (APSC_DV.003215.U2BL-3) 
  [2]   APSC_DV.002000 The application must terminate all network connections associated with a communications session at the end of the session. (APSC_DV.002000) 
        [2]   Ensure resources are deallocated (APSC_DV.002000.LEAKS-2) 
  [7]   Possible Bugs (BD.PB) 
        [2]   Avoid use before explicit initialization (BD.PB.NOTEXPLINIT-1) 
        [2]   Avoid conditions that always evaluate to the same value (BD.PB.CC-2) 
        [2]   Methods shall not call themselves, either directly or indirectly (BD.PB.RECFUN-5) 
        [1]   Restore prior object state on method failure (BD.PB.REVOBJ-5) 
  [2]   Resources (BD.RES) 
        [2]   Ensure resources are deallocated (BD.RES.LEAKS-1) 
  [8]   Security (BD.SECURITY) 
        [8]   Validate all dangerous data (BD.SECURITY.VPPD-2) 
  [47]   JavaBeans (BEAN) 
        [47]   Define get and set methods for each instance field (BEAN.NFM-4) 
  [4]   Code Duplication Detection (CDD) 
        [4]   Avoid code duplication (CDD.DUPC-3) 
  [3]   MET11-J: Ensure that keys used in comparison operations are immutable (CERT.MET11) 
        [3]   Ensure that keys used in comparison operations are immutable (CERT.MET11.IKICO-3) 
  [3]   NUM10-J: Do not construct BigDecimal objects from floating-point literals (CERT.NUM10) 
        [3]   Do not pass floating point values to the 'BigDecimal' constructor (CERT.NUM10.BBDCC-3) 
  [22]   SER03-J: Do not serialize unencrypted, sensitive data (CERT.SER03) 
        [22]   Inspect instance fields of serializable objects to make sure they will not expose sensitive information (CERT.SER03.SIF-2) 
  [133]   OBJ05-J: Defensively copy private mutable class members before returning their references (CERT.OBJ05) 
        [129]   Provide mutable classes with copy functionality (CERT.OBJ05.MUCOP-1) 
        [4]   Do not store user-given mutable objects directly into variables (CERT.OBJ05.SMO-1) 
  [133]   OBJ06-J: Defensively copy mutable inputs and mutable internal components (CERT.OBJ06) 
        [129]   Provide mutable classes with copy functionality (CERT.OBJ06.MUCOP-2) 
        [4]   Do not store user-given mutable objects directly into variables (CERT.OBJ06.SMO-2) 
  [67]   OBJ07-J: Sensitive classes must not let themselves be copied (CERT.OBJ07) 
        [67]   Make your classes noncloneable (CERT.OBJ07.MCNC-2) 
  [133]   OBJ04-J: Provide mutable classes with copy functionality to safely allow passing instances to untrusted code (CERT.OBJ04) 
        [129]   Provide mutable classes with copy functionality (CERT.OBJ04.MUCOP-3) 
        [4]   Do not store user-given mutable objects directly into variables (CERT.OBJ04.SMO-3) 
  [6]   LCK05-J: Synchronize access to static fields that can be modified by untrusted code (CERT.LCK05) 
        [6]   Inspect accesses to "static" fields which may require synchronization (CERT.LCK05.IASF-3) 
  [2]   FIO04-J: Release resources when they are no longer needed (CERT.FIO04) 
        [2]   Ensure resources are deallocated (CERT.FIO04.LEAKS-3) 
  [24]   ERR07-J: Do not throw RuntimeExceptions, Exceptions or Throwable (CERT.ERR07) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (CERT.ERR07.NTERR-3) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (CERT.ERR07.NTX-3) 
  [1]   ERR03-J: Restore prior object state on method failure (CERT.ERR03) 
        [1]   Restore prior object state on method failure (CERT.ERR03.REVOBJ-3) 
  [6]   MSC07-J: Prevent multiple instantiations of singleton objects (CERT.MSC07) 
        [6]   Make lazy initializations thread-safe (CERT.MSC07.ILI-3) 
  [2]   MSC04-J: Do not leak memory (CERT.MSC04) 
        [2]   Ensure resources are deallocated (CERT.MSC04.LEAKS-3) 
  [33]   STR00-J: Don't form strings containing partial characters from variable-width encodings (CERT.STR00) 
        [33]   Do not use String concatenation in an Internationalized environment (CERT.STR00.COS-3) 
  [5]   STR02-J: Specify an appropriate locale when comparing locale-dependent data (CERT.STR02) 
        [5]   Use the optional java.util.Locale parameter (CERT.STR02.CCL-2) 
  [1]   EXP02-J: Do not use the Object.equals() method to compare two arrays (CERT.EXP02) 
        [1]   Do not use '==' or '!=' to compare objects (CERT.EXP02.UEIC-3) 
  [10]   OBJ11-J: Be wary of letting constructors throw exceptions (CERT.OBJ11) 
        [10]   Do not throw exceptions from constructors of "public" non-"final" classes (CERT.OBJ11.EPNFC-1) 
  [8]   IDS11-J: Perform any string modifications before validation (CERT.IDS11) 
        [8]   Validate all dangerous data (CERT.IDS11.VPPD-1) 
  [1]   EXP03-J: Do not use the equality operators when comparing boxed values (CERT.EXP03) 
        [1]   Do not use '==' or '!=' to compare objects (CERT.EXP03.UEIC-3) 
  [45]   Poor Object Oriented Design (CODSTA.POD) 
        [4]   Avoid constant interface anti-pattern (CODSTA.POD.ACIAP-3) 
        [15]   Use chain constructors in classes with multiple constructors (CODSTA.POD.CHAIN-3) 
        [4]   Do not define constants in interfaces (CODSTA.POD.ISACF-4) 
        [22]   Define a no argument constructor whenever possible (CODSTA.POD.DCTOR-5) 
  [204]   Bad Practice (CODSTA.BP) 
        [10]   Avoid 'public' or 'protected' constructors for immutable classes (CODSTA.BP.CMUTA-3) 
        [179]   Declare all formal parameters as "final" (CODSTA.BP.FPF-3) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (CODSTA.BP.NTX-3) 
        [2]   Ensure that a class which has only "private" constructors is declared as "final" (CODSTA.BP.PCF-3) 
        [3]   Ensure overloaded constructors and methods share the same accessibility (CODSTA.BP.OCMA-5) 
  [46]   Organization (CODSTA.ORG) 
        [8]   Order class elements appropriately (CODSTA.ORG.FO-3) 
        [1]   Order compilation unit elements appropriately (CODSTA.ORG.ORCU-3) 
        [13]   Define constants in an "interface" (CODSTA.ORG.DCI-4) 
        [5]   Ensure that comments do not contain task tags (CODSTA.ORG.TODOJAVA-4) 
        [19]   Present "import" statements in alphabetical order (CODSTA.ORG.ORIMP-5) 
  [4]   Error-Prone Coding (CODSTA.EPC) 
        [4]   Do not call methods that might cause unexpected NullPointerExceptions during constructor execution (CODSTA.EPC.NCNFC-2) 
  [341]   Readability (CODSTA.READ) 
        [2]   Avoid literal constants (CODSTA.READ.USN-2) 
        [7]   Access and set fields directly in the declaring type instead of using getter and setter methods (CODSTA.READ.AFD-3) 
        [2]   Avoid anonymous inner classes (CODSTA.READ.AIC-3) 
        [1]   Avoid unnecessary calls to 'toString()' (CODSTA.READ.AUTS-3) 
        [80]   Comment the ends of control structures (CODSTA.READ.CCB-3) 
        [1]   Comment empty blocks (CODSTA.READ.CEB-3) 
        [1]   Explicitly call one of the superclass' constructors from all constructors (CODSTA.READ.ECSC-3) 
        [4]   Declare "private" constant fields "final" (CODSTA.READ.FF-3) 
        [12]   Declare constant local variables "final" (CODSTA.READ.FLV-3) 
        [1]   Avoid non-static initializers (CODSTA.READ.NSI-3) 
        [26]   Do not rely on automatic boxing and unboxing of primitive types (CODSTA.READ.ABUB-4) 
        [52]   Put declarations only at the beginning of blocks (CODSTA.READ.PDBB-4) 
        [1]   Avoid or enforce usage of enhanced "for" loops (CODSTA.READ.AEFS-5) 
        [135]   Comment local variables (CODSTA.READ.CLV-5) 
        [16]   Enforce use of "for" or "while" loops (CODSTA.READ.PFL-5) 
  [12]   CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context (CWE.543) 
        [6]   Inspect accesses to "static" fields which may require synchronization (CWE.543.IASF-3) 
        [6]   Make lazy initializations thread-safe (CWE.543.ILI-3) 
  [5]   CWE-546: Suspicious Comment (CWE.546) 
        [5]   Ensure that comments do not contain task tags (CWE.546.TODOJAVA-4) 
  [2]   CWE-771: Missing Reference to Active Allocated Resource (CWE.771) 
        [2]   Ensure resources are deallocated (CWE.771.LEAKS-1) 
  [2]   CWE-772: Missing Release of Resource after Effective Lifetime (CWE.772) 
        [2]   Ensure resources are deallocated (CWE.772.LEAKS-1) 
  [2]   CWE-400: Uncontrolled Resource Consumption (CWE.400) 
        [2]   Ensure resources are deallocated (CWE.400.LEAKS-1) 
  [45]   CWE-749: Exposed Dangerous Method or Function (CWE.749) 
        [45]   Declare "public/protected" methods as inaccessible as possible (CWE.749.DPPM-4) 
  [1]   CWE-607: Public Static Final Field References Mutable Object (CWE.607) 
        [1]   Ensure "static" "final" fields are immutable (CWE.607.IMM-3) 
  [24]   CWE-397: Declaration of Throws for Generic Exception (CWE.397) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (CWE.397.NTERR-3) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (CWE.397.NTX-3) 
  [82]   CWE-499: Serializable Class Containing Sensitive Data (CWE.499) 
        [22]   Inspect instance fields of serializable objects to make sure they will not expose sensitive information (CWE.499.SIF-1) 
        [60]   Make your classes nonserializeable (CWE.499.SER-5) 
  [2]   CWE-375: Returning a Mutable Object to an Untrusted Caller (CWE.375) 
        [2]   Avoid methods that might expose internal representations by returning arrays or other mutable fields (CWE.375.RA-3) 
  [4]   CWE-496: Public Data Assigned to Private Array-Typed Field (CWE.496) 
        [4]   Always clone array parameters which are stored to fields (CWE.496.CAP-1) 
  [2]   CWE-495: Private Data Structure Returned From A Public Method (CWE.495) 
        [2]   Avoid methods that might expose internal representations by returning arrays or other mutable fields (CWE.495.RA-3) 
  [2]   CWE-245: J2EE Bad Practices: Direct Management of Connections (CWE.245) 
        [2]   Avoid using native JDBC (CWE.245.JDBCTEMPLATE-3) 
  [1]   CWE-595: Comparison of Object References Instead of Object Contents (CWE.595) 
        [1]   Do not use '==' or '!=' to compare objects (CWE.595.UEIC-2) 
  [8]   CWE-352: Cross-Site Request Forgery (CSRF) (CWE.352) 
        [8]   Validate all dangerous data (CWE.352.VPPD-2) 
  [1]   CWE-582: Array Declared Public, Final, and Static (CWE.582) 
        [1]   Ensure "static" "final" fields are immutable (CWE.582.IMM-3) 
  [2]   CWE-457: Use of Uninitialized Variable (CWE.457) 
        [2]   Avoid use before explicit initialization (CWE.457.NOTEXPLINIT-1) 
  [2]   CWE-571: Expression is Always True (CWE.571) 
        [2]   Avoid conditions that always evaluate to the same value (CWE.571.CC-2) 
  [2]   CWE-570: Expression is Always False (CWE.570) 
        [2]   Avoid conditions that always evaluate to the same value (CWE.570.CC-2) 
  [2]   CWE-459: Incomplete Cleanup (CWE.459) 
        [2]   Ensure resources are deallocated (CWE.459.LEAKS-1) 
  [2]   CWE-561: Dead Code (CWE.561) 
        [2]   Avoid conditions that always evaluate to the same value (CWE.561.CC-2) 
  [8]   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE.79) 
        [8]   Validate all dangerous data (CWE.79.VPPD-2) 
  [1]   CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE.89) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (CWE.89.UPS-1) 
  [357]   Design by Contract (DBC) 
        [99]   Provide an '@invariant' contract for all getter methods (DBC.IGM-3) 
        [27]   Do not invoke a method on a reference that is not guaranteed to be non-null (DBC.IMNR-3) 
        [1]   Include a '@pre != null' tag for each parameter that is dereferenced before being checked for null (DBC.IPAN-3) 
        [22]   Provide an '@invariant' contract for all "public" classes (DBC.PUBC-3) 
        [102]   Provide a '@post' contract for all "public" methods (DBC.PUBMPOST-3) 
        [102]   Provide a '@pre' contract for all "public" methods (DBC.PUBMPRE-3) 
        [2]   Provide a '@post' contract for all "private" methods (DBC.PRIMPOST-5) 
        [2]   Provide a '@pre' contract for all "private" methods (DBC.PRIMPRE-5) 
  [28]   Exceptions (EXCEPT) 
        [2]   Catch all "Throwable" objects which may be thrown in the body of certain methods (EXCEPT.CATO-2) 
        [10]   Do not throw exceptions from constructors of "public" non-"final" classes (EXCEPT.EPNFC-3) 
        [2]   Ensure that the 'parse' methods of the numeric classes do not throw unhandled "NumberFormatExceptions" (EXCEPT.NFE-3) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (EXCEPT.NTERR-3) 
  [713]   Formatting (FORMAT) 
        [65]   Include a meaningful file header comment in every source file (FORMAT.MCH-2) 
        [10]   Use '()' to separate complex expressions (FORMAT.APAREN-3) 
        [67]   Enforce number of blank line(s) before type declarations (FORMAT.BLCD-3) 
        [28]   Enforce number of blank line(s) to separate "imports" from different packages (FORMAT.BLSIM-3) 
        [1]   Place a single space character or no space character after type casting (FORMAT.CMS-3) 
        [17]   Enforce the position of '{' brace (FORMAT.FCB-3) 
        [6]   Declare arrays with '[]' brackets after the array type and before the variable name(s) (FORMAT.IAD-3) 
        [138]   Enforce number of space(s) for indentation (FORMAT.IND-3) 
        [92]   Limit the maximum length of a line (FORMAT.LL-3) 
        [1]   Enforce number of space character(s) after every comma (FORMAT.SAC-3) 
        [23]   Enforce number of space character(s) on each side of an assignment operator (FORMAT.SAOP-3) 
        [73]   Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement (FORMAT.SAP-3) 
        [1]   Enforce number of space character(s) before and after the "?" conditional operator (FORMAT.SCOP-3) 
        [4]   Avoid using trailing comments (FORMAT.TC-3) 
        [14]   Make sure all files are terminated with a newline character (FORMAT.TNL-3) 
        [173]   Enforce number of blank line(s) between major sections (FORMAT.U2BL-3) 
  [5]   Garbage Collection (GC) 
        [1]   Reuse immutable constant objects to conserve memory (GC.RCO-3) 
        [4]   Avoid "static" collections or maps; they can grow without bounds (GC.STV-3) 
  [406]   Global Static Analysis (GLOBAL) 
        [7]   Avoid unused "throws" clauses (GLOBAL.AUT-2) 
        [1]   Ensure correct constructor declarations in utility classes (GLOBAL.UCC-2) 
        [18]   Declare "public/protected" types as inaccessible as possible (GLOBAL.DPPC-4) 
        [14]   Declare "public/protected" fields as inaccessible as possible (GLOBAL.DPPF-4) 
        [45]   Declare "public/protected" methods as inaccessible as possible (GLOBAL.DPPM-4) 
        [10]   Avoid interfaces which are never implemented and "abstract" classes which are never extended (GLOBAL.NIE-4) 
        [5]   Avoid globally unused enum constants (GLOBAL.UEC-4) 
        [41]   Avoid globally unused "public/protected" types (GLOBAL.UPPC-4) 
        [210]   Avoid globally unused "public/protected" methods (GLOBAL.UPPM-4) 
        [14]   Declare a "public/protected" "class" "final" if it is not subclassed (GLOBAL.SPPC-5) 
        [41]   Declare a "public/protected" method "final" if it is not overridden (GLOBAL.SPPM-5) 
  [100]   Initialization (INIT) 
        [2]   Use explicit initializations/Do not initialize "static" fields to default values (INIT.SF-3) 
        [98]   Explicitly initialize all fields (INIT.CSI-4) 
  [285]   Internationalization (INTER) 
        [5]   Use the optional java.util.Locale parameter (INTER.CCL-3) 
        [214]   Isolate translatable text in resource bundles in an Internationalized environment (INTER.ITT-3) 
        [1]   Provide a 'Locale' argument when instantiating 'SimpleDateFormat' objects (INTER.SDFL-3) 
        [2]   Do not call 'toString()' or 'String.valueOf()' on Date objects in an Internationalized environment (INTER.DTS-4) 
        [28]   Do not call 'toString()' or 'String.valueOf()' on numeric values in an Internationalized environment (INTER.NTS-4) 
        [2]   Do not call the 'parse' methods of the 'Number' types in an Internationalized environment (INTER.PN-4) 
        [33]   Do not use String concatenation in an Internationalized environment (INTER.COS-5) 
  [636]   Javadoc Comments (JAVADOC) 
        [155]   Always include a description of whether or not a method can return null in the Javadoc (JAVADOC.CRN-3) 
        [3]   Avoid unused Javadoc tags (JAVADOC.DPMT-3) 
        [35]   Enforce custom Javadoc tags for methods/annotation member types (JAVADOC.ECTM-3) 
        [36]   Enforce custom Javadoc tags for types (JAVADOC.ECTT-3) 
        [16]   Include a meaningful description in Javadoc tags (JAVADOC.MDJT-3) 
        [2]   Use the '@return' Javadoc tag in method Javadoc comments (JAVADOC.MRDC-3) 
        [37]   Use the '@version' tag in type Javadoc comments (JAVADOC.MVJDT-3) 
        [1]   Use the '@param' Javadoc tag for each parameter of methods (JAVADOC.PARAM-3) 
        [31]   Provide Javadoc comments and descriptions for types (JAVADOC.PJDC-3) 
        [103]   Provide Javadoc comments and descriptions for fields (JAVADOC.PJDF-3) 
        [118]   Provide Javadoc comments and descriptions for methods (JAVADOC.PJDM-3) 
        [38]   Enforce restraint on number of lines used for Javadoc comments (JAVADOC.SINGLE-3) 
        [22]   Avoid misspelling words in Javadoc comments and string literals (JAVADOC.SPELL-3) 
        [5]   Use the '@throws' or '@exception' Javadoc tag in methods (JAVADOC.THROW-3) 
        [2]   Provide a Javadoc comment for 'toString()' methods (JAVADOC.TSMJT-3) 
        [1]   Avoid using the '@return' Javadoc tag on "void" methods (JAVADOC.VMCR-3) 
        [31]   Use the '@author' Javadoc tag in declaration Javadoc comments (JAVADOC.MAJDT-4) 
  [16]   Java Database Connectivity (JDBC) 
        [16]   Close JDBC resources in "finally" blocks (JDBC.RRWD-1) 
  [309]   JUnit Test Case (JUNIT) 
        [309]   Make sure all methods have at least one JUnit test method (JUNIT.TEST-2) 
  [54]   Metrics - deprecated (METRICS) 
        [3]   DEPRECATED: Number of "public" fields (METRICS.NPUBF-2) 
        [2]   DEPRECATED: Number of "public" methods (METRICS.NPUBM-2) 
        [2]   DEPRECATED: Number of parameters (METRICS.PAR-2) 
        [1]   DEPRECATED: Number of lines in a method (METRICS.TNLM-2) 
        [1]   DEPRECATED: Number of method calls (METRICS.TNMC-2) 
        [2]   DEPRECATED: Number of statements in a method (METRICS.NSTMT-3) 
        [38]   DEPRECATED: Percentage of Javadoc comments (%) (METRICS.PJDC-3) 
        [5]   DEPRECATED: Number of fields (METRICS.NOFT-4) 
  [324]   Embedded Devices (MOBILE) 
        [190]   Avoid accessing same fields and methods multiple times (MOBILE.ACFM-3) 
        [7]   Avoid using 'getter' and 'setter' methods (MOBILE.AMA-3) 
        [125]   Avoid declaring "interface" types (MOBILE.AUI-3) 
        [1]   Avoid using enums (MOBILE.ENUM-3) 
        [1]   Avoid using floats (MOBILE.FLOATER-3) 
  [45]   Java 2 Micro Edition (MOBILE.J2ME) 
        [6]   Do not use an array length in a loop condition expression (MOBILE.J2ME.ARLL-3) 
        [1]   Avoid classes that are subclassed only once and are not publicly used (MOBILE.J2ME.CSOO-3) 
        [30]   Do not access a field excessively (MOBILE.J2ME.EAOF-3) 
        [2]   Ensure methods use return parameters instead of returning new objects (MOBILE.J2ME.EURP-3) 
        [6]   Catch 'OutOfMemoryError' for large array allocations (MOBILE.J2ME.OOME-3) 
  [181]   Naming Conventions (NAMING) 
        [2]   Follow a naming convention for "boolean" getter methods (NAMING.GETB-3) 
        [2]   Use a naming convention for array and collection variables (NAMING.NAC-3) 
        [6]   Follow a naming convention for setter methods (NAMING.SETA-3) 
        [2]   Use a naming convention for singleton classes (NAMING.SINGLETON-3) 
        [1]   Use a naming convention for utility classes (NAMING.UTIL-3) 
        [6]   Use conventional variable names (NAMING.CVN-4) 
        [8]   Follow limits for the lengths of type, method, field, parameter, and variable names (NAMING.LLI-4) 
        [154]   Use Hungarian notation for variables (NAMING.UHN-4) 
  [433]   Object Oriented Programming (OOP) 
        [147]   Do not hide fields and local variables declared in enclosing scopes (OOP.HIF-3) 
        [147]   Do not give method local variables and parameters the same name as class fields (OOP.HMF-3) 
        [129]   Provide mutable classes with copy functionality (OOP.MUCOP-3) 
        [1]   Do not declare a class as implementing an interface if a superclass already implements that interface (OOP.RI-3) 
        [2]   Use a naming convention for singleton classes (OOP.SNGL-3) 
        [6]   Ensure methods are either a command(change state) or a query(get state) (OOP.CQS-4) 
        [1]   Use "instanceof" only on interfaces (OOP.INSOF-4) 
  [391]   Optimization (OPT) 
        [6]   Avoid unnecessary Map operations (OPT.AUMO-3) 
        [11]   Define initial capacities for 'ArrayList', 'HashMap', 'HashSet', 'Hashtable', 'Vector' and 'WeakHashMap' (OPT.DIC-3) 
        [2]   Do not instantiate the wrapper classes for primitive types (OPT.PRIM-3) 
        [6]   Avoid using synchronized data structures for local variables (OPT.SDLS-3) 
        [154]   Use single quotes instead of double quotes for single character string concatenation (OPT.STR-3) 
        [16]   Do not call a synchronized method inside of a loop (OPT.SYN-3) 
        [4]   Use 'stack' variables whenever possible (OPT.USV-4) 
        [192]   Make getter and setter methods for instance fields "final" (OPT.MAF-5) 
  [1]   A1-Injection (OWASP2017.A1) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2017.A1.UPS-1) 
  [4]   A8-Insecure Deserialization (OWASP2017.A8) 
        [4]   Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (OWASP2017.A8.OROM-5) 
  [24]   A6-Security Misconfiguration (OWASP2017.A6) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (OWASP2017.A6.NTERR-3) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (OWASP2017.A6.NTX-3) 
  [2]   API4-Lack of Resources & Rate Limiting (OWASP2019.API4) 
        [2]   Ensure resources are deallocated (OWASP2019.API4.LEAKS-1) 
  [26]   API7-Security Misconfiguration (OWASP2019.API7) 
        [2]   Avoid using native JDBC (OWASP2019.API7.JDBCTEMPLATE-3) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (OWASP2019.API7.NTERR-5) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (OWASP2019.API7.NTX-5) 
  [11]   API9-Improper Assets Management (OWASP2019.API9) 
        [3]   Avoid unused Javadoc tags (OWASP2019.API9.DPMT-3) 
        [1]   Avoid using the '@return' Javadoc tag on "void" methods (OWASP2019.API9.VMCR-3) 
        [5]   Use the '@throws' or '@exception' Javadoc tag in methods (OWASP2019.API9.THROW-5) 
        [2]   Provide a Javadoc comment for 'toString()' methods (OWASP2019.API9.TSMJT-5) 
  [1]   API8-Injection (OWASP2019.API8) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2019.API8.UPS-1) 
  [24]   A5-Security Misconfiguration (OWASP2021.A5) 
        [14]   Do not throw exception types which are too general or are unchecked exceptions (OWASP2021.A5.NTERR-3) 
        [10]   Avoid declaring methods to throw general or unchecked Exception types (OWASP2021.A5.NTX-3) 
  [4]   A8-Software and Data Integrity Failures (OWASP2021.A8) 
        [4]   Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (OWASP2021.A8.OROM-5) 
  [1]   A3-Injection (OWASP2021.A3) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2021.A3.UPS-1) 
  [3]   Possible Bugs (PB) 
        [3]   Ensure that keys used in comparison operations are immutable (PB.IKICO-3) 
  [2]   Useless Code (PB.USC) 
        [2]   Do not define empty "public" constructors in classes with no other constructors (PB.USC.EPC-3) 
  [3]   Numerical Errors (PB.NUM) 
        [3]   Do not pass floating point values to the 'BigDecimal' constructor (PB.NUM.BBDCC-2) 
  [2]   API Usage and Implementation (PB.API) 
        [1]   Do not extend 'java.util.HashMap' or 'java.util.Hashtable' (PB.API.EHM-3) 
        [1]   Do not extend "Collection" and "Map" classes (PB.API.ECMC-5) 
  [6]   Confusing or Unintended Behavior (PB.CUB) 
        [1]   Do not use '==' or '!=' to compare objects (PB.CUB.UEIC-2) 
        [1]   Ensure "static" "final" fields are immutable (PB.CUB.IMM-3) 
        [4]   Do not call non-"final", non-"static" and non-"private" methods from constructors (PB.CUB.CTOR-4) 
  [8]   6.5.9 Cross-site request forgery (CSRF) (PCIDSS32.659) 
        [8]   Validate all dangerous data (PCIDSS32.659.VPPD-2) 
  [1]   6.5.1 Injection flaws (PCIDSS32.651) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (PCIDSS32.651.UPS-1) 
  [1]   Portability (PORT) 
        [1]   Use "File.pathSeparator" or "File.pathSeparatorChar" instead of the corresponding literals (PORT.PSC-3) 
  [1]   Input-Based Attacks (SECURITY.IBA) 
        [1]   Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (SECURITY.IBA.UPS-1) 
  [492]   Weak Security Controls (SECURITY.WSC) 
        [4]   Always clone array parameters which are stored to fields (SECURITY.WSC.CAP-1) 
        [3]   Avoid constructors and overriding methods which are more accessible than those of their super classes (SECURITY.WSC.AMA-3) 
        [295]   Avoid string literals except in constant declarations and calls to System.out or System.err's 'print' or 'println' methods (SECURITY.WSC.SL-3) 
        [13]   Make immutable classes final (SECURITY.WSC.FIMU-4) 
        [10]   Defend against partially initialized instances of non-final classes (SECURITY.WSC.INIVF-4) 
        [40]   Make your classes nondeserializeable (SECURITY.WSC.DSER-5) 
        [67]   Make your classes noncloneable (SECURITY.WSC.MCNC-5) 
        [60]   Make your classes nonserializeable (SECURITY.WSC.SER-5) 
  [39]   Backdoor Vulnerabilities (SECURITY.BV) 
        [39]   Inspect usage of 'Date', 'Time' objects and 'System.currentTimeMillis()' method invocations (SECURITY.BV.ADT-5) 
  [8]   Erratic Application Behavior (SECURITY.EAB) 
        [4]   Do not store user-given mutable objects directly into variables (SECURITY.EAB.SMO-3) 
        [4]   Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (SECURITY.EAB.OROM-5) 
  [24]   Exposing Sensitive Data (SECURITY.ESD) 
        [22]   Inspect instance fields of serializable objects to make sure they will not expose sensitive information (SECURITY.ESD.SIF-1) 
        [2]   Avoid methods that might expose internal representations by returning arrays or other mutable fields (SECURITY.ESD.RA-3) 
  [7]   Serialization (SERIAL) 
        [7]   Implement Externalizable instead of Serializable (SERIAL.EZEE-3) 
  [2]   Spring Framework (SPRING) 
        [2]   Avoid using native JDBC (SPRING.JDBCTEMPLATE-3) 
  [27]   Threads & Synchronization (TRS) 
        [10]   Avoid compound synchronized collection accesses which violate atomicity (TRS.CMA-3) 
        [6]   Inspect accesses to "static" fields which may require synchronization (TRS.IASF-3) 
        [6]   Make lazy initializations thread-safe (TRS.ILI-3) 
        [2]   Use ConcurrentHashMap instead of Hashtable and "synchronizedMap" wrapped HashMap when possible (TRS.CHM-5) 
        [2]   Use "synchronized" blocks instead of making the whole method declaration "synchronized" (TRS.NSM-5) 
        [1]   Use synchronization on methods that implement 'Runnable.run()' (TRS.RUN-5) 
  [1]   Unused Code (UC) 
        [1]   Remove commented out Java code (UC.ACC-3) 

Findings by Author
Back to Top    
Author  Findings
suppressed total recommended
 devtest   0   6895   50 
 dev - Nick Rapoport   0   233   50 
 nrapo - Nick Rapoport   0   147   50 

devtest  Total Findings :  6895 Back to Top    

/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/Book.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
5:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
5:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Public clone method missing CERT.OBJ05.MUCOP-1
7:  Static creation method missing CERT.OBJ05.MUCOP-1
7:  Copy constructor missing CERT.OBJ05.MUCOP-1
7:  Serializable class 'Book' does not implement readObject() APSC_DV.001460.OROM-2
7:  Public clone method missing CERT.OBJ06.MUCOP-2
7:  Static creation method missing CERT.OBJ06.MUCOP-2
7:  Copy constructor missing CERT.OBJ06.MUCOP-2
7:  'clone()' method is missing CERT.OBJ07.MCNC-2
7:  Public clone method missing CERT.OBJ04.MUCOP-3
7:  Static creation method missing CERT.OBJ04.MUCOP-3
7:  Copy constructor missing CERT.OBJ04.MUCOP-3
7:  Book has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
7:  getter method without an @invariant contract: getISBN() DBC.IGM-3
7:  getter method without an @invariant contract: getPublicationDate() DBC.IGM-3
7:  getter method without an @invariant contract: getDescription() DBC.IGM-3
7:  getter method without an @invariant contract: getAuthors() DBC.IGM-3
7:  getter method without an @invariant contract: getPublisher() DBC.IGM-3
7:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
7:  Missing Javadoc comment for 'Book' JAVADOC.PJDC-3
7:  Public clone method missing OOP.MUCOP-3
7:  Static creation method missing OOP.MUCOP-3
7:  Copy constructor missing OOP.MUCOP-3
7:  Book implements Serializable instead of Externalizable SERIAL.EZEE-3
7:  Class 'com.parasoft.bookstore.Book' should be declared "package-private" GLOBAL.DPPC-4
7:  Class 'com.parasoft.bookstore.Book' should be declared "final" GLOBAL.SPPC-5
7:  Serializable class 'Book' does not implement readObject() OWASP2017.A8.OROM-5
7:  Serializable class 'Book' does not implement readObject() OWASP2021.A8.OROM-5
7:  Serializable class 'Book' does not implement readObject() SECURITY.EAB.OROM-5
7:  'clone()' method is missing SECURITY.WSC.MCNC-5
7:  Number of Javadoc comments are below thresholds (%): 5.0 METRICS.PJDC-3
7:  interface type 'Serializable' is used MOBILE.AUI-3
7:  The interface 'Serializable' is already implemented by a superclass of this class OOP.RI-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Inspect field 'isbn' to ensure it will not expose sensitive data CWE.499.SIF-1
12:  Inspect field 'isbn' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
12:  Inspect field 'isbn' to ensure it will not expose sensitive data CERT.SER03.SIF-2
12:  Missing 'getIsbn()' method for field 'isbn' BEAN.NFM-4
12:  Missing 'setIsbn()' method for field 'isbn' BEAN.NFM-4
12:  Field 'isbn' should be declared "private" GLOBAL.DPPF-4
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Inspect field 'publication_date' to ensure it will not expose sensitive data CWE.499.SIF-1
13:  Inspect field 'publication_date' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
13:  Inspect field 'publication_date' to ensure it will not expose sensitive data CERT.SER03.SIF-2
13:  Missing 'getPublication_date()' method for field 'publication_date' BEAN.NFM-4
13:  Missing 'setPublication_date()' method for field 'publication_date' BEAN.NFM-4
13:  Field 'publication_date' should be declared "private" GLOBAL.DPPF-4
13:  Inspect usage of the 'Date' object 'publication_date' SECURITY.BV.ADT-5
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Inspect field 'description' to ensure it will not expose sensitive data CWE.499.SIF-1
14:  Inspect field 'description' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
14:  Inspect field 'description' to ensure it will not expose sensitive data CERT.SER03.SIF-2
14:  Field 'description' should be declared "private" GLOBAL.DPPF-4
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Inspect field 'authors' to ensure it will not expose sensitive data CWE.499.SIF-1
15:  Inspect field 'authors' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
15:  Inspect field 'authors' to ensure it will not expose sensitive data CERT.SER03.SIF-2
15:  Field 'authors' should be declared "private" GLOBAL.DPPF-4
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  Inspect field 'publisher' to ensure it will not expose sensitive data CWE.499.SIF-1
16:  Inspect field 'publisher' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
16:  Inspect field 'publisher' to ensure it will not expose sensitive data CERT.SER03.SIF-2
16:  Field 'publisher' should be declared "private" GLOBAL.DPPF-4
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
17:  Inspect field 'timestamp' to ensure it will not expose sensitive data CWE.499.SIF-1
17:  Inspect field 'timestamp' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
17:  Inspect field 'timestamp' to ensure it will not expose sensitive data CERT.SER03.SIF-2
17:  Missing 'setTimestamp()' method for field 'timestamp' BEAN.NFM-4
17:  Field 'timestamp' should be declared "private" GLOBAL.DPPF-4
17:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
19:  No JUnit test method defined for 'Book()' JUNIT.TEST-2
19:  This constructor for the class "Book" does not explicitly call a constructor of the superclass CODSTA.READ.ECSC-3
19:  Missing Javadoc comment for method 'Book()' JAVADOC.PJDM-3
19:  Field 'isbn', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Field 'publisher', declared on line 16, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Field 'publication_date', declared on line 13, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Field 'description', declared on line 14, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Field 'authors', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Field 'timestamp', declared on line 17, is not initialized in this constructor nor in its declaration INIT.CSI-4
19:  Overloaded constructors: 'Book' have different accessibilities CODSTA.BP.OCMA-5
23:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
23:  Line is longer than 80 characters: 82 FORMAT.LL-3
23:  Constructor 'Book' throws 'ItemNotFoundException' CERT.OBJ11.EPNFC-1
23:  No JUnit test method defined for 'Book()' JUNIT.TEST-2
23:  Constructor 'Book' throws 'ItemNotFoundException' EXCEPT.EPNFC-3
23:  Constructor 'Book()' should be declared "package-private" CWE.749.DPPM-4
23:  Constructor 'Book()' should be declared "package-private" GLOBAL.DPPM-4
23:  Field 'timestamp', declared on line 17, is not initialized in this constructor nor in its declaration INIT.CSI-4
23:  'Book ()' contains too many parameters: 9 METRICS.PAR-2
23:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
23:  Variable 'id' does not end with 'int' NAMING.UHN-4
23:  Formal parameter 'isbn' is not declared as final CODSTA.BP.FPF-3
23:  The parameter 'isbn' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
23:  Parameter 'isbn' has the same name as a field OOP.HMF-3
23:  Formal parameter 'title' is not declared as final CODSTA.BP.FPF-3
23:  Formal parameter 'year' is not declared as final CODSTA.BP.FPF-3
23:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
23:  Array parameter 'authors' is not cloned before it is stored CWE.496.CAP-1
23:  Array parameter 'authors' is not cloned before it is stored SECURITY.WSC.CAP-1
23:  Formal parameter 'authors' is not declared as final CODSTA.BP.FPF-3
23:  The parameter 'authors' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
23:  Parameter 'authors' has the same name as a field OOP.HMF-3
24:  Line is longer than 80 characters: 85 APSC_DV.003215.LL-3
24:  Line is longer than 80 characters: 85 FORMAT.LL-3
24:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
24:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
24:  Formal parameter 'publisher' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'publisher' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'publisher' has the same name as a field OOP.HMF-3
24:  Formal parameter 'description' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'description' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'description' has the same name as a field OOP.HMF-3
24:  Formal parameter 'price' is not declared as final CODSTA.BP.FPF-3
24:  Formal parameter 'stock' is not declared as final CODSTA.BP.FPF-3
24:  Variable 'stock' does not end with 'int' NAMING.UHN-4
25:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
25:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
26:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
26:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
35:  No JUnit test method defined for 'getISBN()' JUNIT.TEST-2
35:  The method 'getISBN' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
35:  Globally unused "public" method: getISBN() GLOBAL.UPPM-4
35:  Getter method 'getISBN()' is not declared "final" OPT.MAF-5
39:  Setter method 'setISBN()' is not declared "final" OPT.MAF-5
39:  No JUnit test method defined for 'setISBN()' JUNIT.TEST-2
39:  Globally unused "public" method: setISBN() GLOBAL.UPPM-4
39:  Formal parameter 'isbn' is not declared as final CODSTA.BP.FPF-3
39:  The parameter 'isbn' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
39:  Parameter 'isbn' has the same name as a field OOP.HMF-3
43:  No JUnit test method defined for 'getPublicationDate()' JUNIT.TEST-2
43:  The method 'getPublicationDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
43:  Globally unused "public" method: getPublicationDate() GLOBAL.UPPM-4
43:  Getter method 'getPublicationDate()' is not declared "final" OPT.MAF-5
47:  Setter method 'setPublicationDate()' is not declared "final" OPT.MAF-5
47:  No JUnit test method defined for 'setPublicationDate()' JUNIT.TEST-2
47:  Globally unused "public" method: setPublicationDate() GLOBAL.UPPM-4
47:  Formal parameter 'publication_date' is not declared as final CODSTA.BP.FPF-3
47:  The parameter 'publication_date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
47:  Parameter 'publication_date' has the same name as a field OOP.HMF-3
47:  Inspect usage of the 'Date' object 'publication_date' SECURITY.BV.ADT-5
51:  No JUnit test method defined for 'getDescription()' JUNIT.TEST-2
51:  The method 'getDescription' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
51:  Globally unused "public" method: getDescription() GLOBAL.UPPM-4
51:  Getter method 'getDescription()' is not declared "final" OPT.MAF-5
55:  Setter method 'setDescription()' is not declared "final" OPT.MAF-5
55:  No JUnit test method defined for 'setDescription()' JUNIT.TEST-2
55:  Globally unused "public" method: setDescription() GLOBAL.UPPM-4
55:  Formal parameter 'description' is not declared as final CODSTA.BP.FPF-3
55:  The parameter 'description' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
55:  Parameter 'description' has the same name as a field OOP.HMF-3
59:  No JUnit test method defined for 'getAuthors()' JUNIT.TEST-2
59:  The method 'getAuthors' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
59:  Globally unused "public" method: getAuthors() GLOBAL.UPPM-4
59:  Getter method 'getAuthors()' is not declared "final" OPT.MAF-5
60:  Exposing the internal representation of 'Book' through the array 'authors' CWE.375.RA-3
60:  Exposing the internal representation of 'Book' through the array 'authors' CWE.495.RA-3
60:  Exposing the internal representation of 'Book' through the array 'authors' SECURITY.ESD.RA-3
63:  No JUnit test method defined for 'setAuthors()' JUNIT.TEST-2
63:  Globally unused "public" method: setAuthors() GLOBAL.UPPM-4
63:  Setter method 'setAuthors()' is not declared "final" OPT.MAF-5
63:  Array parameter 'authors' is not cloned before it is stored CWE.496.CAP-1
63:  Array parameter 'authors' is not cloned before it is stored SECURITY.WSC.CAP-1
63:  Formal parameter 'authors' is not declared as final CODSTA.BP.FPF-3
63:  The parameter 'authors' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
63:  Parameter 'authors' has the same name as a field OOP.HMF-3
67:  No JUnit test method defined for 'getPublisher()' JUNIT.TEST-2
67:  The method 'getPublisher' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
67:  Globally unused "public" method: getPublisher() GLOBAL.UPPM-4
67:  Getter method 'getPublisher()' is not declared "final" OPT.MAF-5
71:  Setter method 'setPublisher()' is not declared "final" OPT.MAF-5
71:  No JUnit test method defined for 'setPublisher()' JUNIT.TEST-2
71:  Globally unused "public" method: setPublisher() GLOBAL.UPPM-4
71:  Formal parameter 'publisher' is not declared as final CODSTA.BP.FPF-3
71:  The parameter 'publisher' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
71:  Parameter 'publisher' has the same name as a field OOP.HMF-3
75:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
75:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
75:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
79:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
79:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
79:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
79:  Globally unused "public" method: refreshTimestamp() GLOBAL.UPPM-4
80:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
82:  File should be terminated by a newline character APSC_DV.003215.TNL-3
82:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/BookStoreDB.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.sql.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.sql.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
9:  "import java.util.Enumeration" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
9:  "import java.util.Enumeration" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
13:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
13:  Use 2 blank lines before type declaration FORMAT.BLCD-3
13:  Public clone method missing CERT.OBJ05.MUCOP-1
13:  Static creation method missing CERT.OBJ05.MUCOP-1
13:  Copy constructor missing CERT.OBJ05.MUCOP-1
13:  Public clone method missing CERT.OBJ06.MUCOP-2
13:  Static creation method missing CERT.OBJ06.MUCOP-2
13:  Copy constructor missing CERT.OBJ06.MUCOP-2
13:  'clone()' method is missing CERT.OBJ07.MCNC-2
13:  Public clone method missing CERT.OBJ04.MUCOP-3
13:  Static creation method missing CERT.OBJ04.MUCOP-3
13:  Copy constructor missing CERT.OBJ04.MUCOP-3
13:  Missing Javadoc comment for 'BookStoreDB' JAVADOC.PJDC-3
13:  Name of singleton class 'BookStoreDB' does not match user-specified regular expression '^.+Singleton$' NAMING.SINGLETON-3
13:  Public clone method missing OOP.MUCOP-3
13:  Static creation method missing OOP.MUCOP-3
13:  Copy constructor missing OOP.MUCOP-3
13:  Class 'com.parasoft.bookstore.BookStoreDB' should be declared "package-private" GLOBAL.DPPC-4
13:  'writeObject()' method is missing CWE.499.SER-5
13:  Class 'com.parasoft.bookstore.BookStoreDB' should be declared "final" GLOBAL.SPPC-5
13:  'clone()' method is missing SECURITY.WSC.MCNC-5
13:  'writeObject()' method is missing SECURITY.WSC.SER-5
13:  This class is not declared as "final" although it has only "private" constructors CODSTA.BP.PCF-3
13:  'BookStoreDB' contains too many fields: 16 METRICS.NOFT-4
13:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
13:  'readObject()' method is missing SECURITY.WSC.DSER-5
14:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
14:  Variable 'MAX_BOOKS_TO_ADD' does not end with 'int' NAMING.UHN-4
16:  Elements in 'BookStoreDB' not ordered appropriately, first violation: field 'NL_TABLE_BOOK' at line 16 should be placed before field 'MAX_BOOKS_TO_ADD' at line 14 CODSTA.ORG.FO-3
16:  There is not 1 space after 'NL_TABLE_BOOK' APSC_DV.003215.SAOP-3
16:  There is not 1 space after 'NL_TABLE_BOOK' FORMAT.SAOP-3
16:  Constant 'NL_TABLE_BOOK' is not defined in an "interface" CODSTA.ORG.DCI-4
16:  Non internationalized string: "book" INTER.ITT-3
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
17:  There is not 1 space after 'NL_TABLE_AUTHOR' APSC_DV.003215.SAOP-3
17:  There is not 1 space after 'NL_TABLE_AUTHOR' FORMAT.SAOP-3
17:  Constant 'NL_TABLE_AUTHOR' is not defined in an "interface" CODSTA.ORG.DCI-4
17:  Non internationalized string: "author" INTER.ITT-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
18:  Constant 'NL_TABLE_PUBLISHER' is not defined in an "interface" CODSTA.ORG.DCI-4
18:  Non internationalized string: "publisher" INTER.ITT-3
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
20:  There is not 1 space after 'NL_ID' APSC_DV.003215.SAOP-3
20:  There is not 1 space after 'NL_ID' FORMAT.SAOP-3
20:  Constant 'NL_ID' is not defined in an "interface" CODSTA.ORG.DCI-4
20:  Non internationalized string: "id" INTER.ITT-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
21:  There is not 1 space after 'NL_ISBN' APSC_DV.003215.SAOP-3
21:  There is not 1 space after 'NL_ISBN' FORMAT.SAOP-3
21:  Constant 'NL_ISBN' is not defined in an "interface" CODSTA.ORG.DCI-4
21:  Non internationalized string: "isbn" INTER.ITT-3
21:  Misspelled word 'isbn' JAVADOC.SPELL-3
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
22:  There is not 1 space after 'NL_TITLE' APSC_DV.003215.SAOP-3
22:  There is not 1 space after 'NL_TITLE' FORMAT.SAOP-3
22:  Constant 'NL_TITLE' is not defined in an "interface" CODSTA.ORG.DCI-4
22:  Non internationalized string: "title" INTER.ITT-3
23:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
23:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
23:  There is not 1 space after 'NL_YEAR' APSC_DV.003215.SAOP-3
23:  There is not 1 space after 'NL_YEAR' FORMAT.SAOP-3
23:  Constant 'NL_YEAR' is not defined in an "interface" CODSTA.ORG.DCI-4
23:  Non internationalized string: "year" INTER.ITT-3
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
24:  There is not 1 space after 'NL_NAME' APSC_DV.003215.SAOP-3
24:  There is not 1 space after 'NL_NAME' FORMAT.SAOP-3
24:  Constant 'NL_NAME' is not defined in an "interface" CODSTA.ORG.DCI-4
24:  Non internationalized string: "name" INTER.ITT-3
25:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
25:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
25:  Constant 'NL_DESCRIPTION' is not defined in an "interface" CODSTA.ORG.DCI-4
25:  Non internationalized string: "description" INTER.ITT-3
26:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
26:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
26:  There is not 1 space after 'NL_PRICE' APSC_DV.003215.SAOP-3
26:  There is not 1 space after 'NL_PRICE' FORMAT.SAOP-3
26:  Constant 'NL_PRICE' is not defined in an "interface" CODSTA.ORG.DCI-4
26:  Non internationalized string: "price" INTER.ITT-3
27:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
27:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
27:  There is not 1 space after 'NL_STOCK' APSC_DV.003215.SAOP-3
27:  There is not 1 space after 'NL_STOCK' FORMAT.SAOP-3
27:  Constant 'NL_STOCK' is not defined in an "interface" CODSTA.ORG.DCI-4
27:  Non internationalized string: "stock" INTER.ITT-3
29:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
29:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
29:  Constant 'NL_PUBLISHER_NAME' is not defined in an "interface" CODSTA.ORG.DCI-4
29:  Non internationalized string: "PN" INTER.ITT-3
30:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
30:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
30:  Non internationalized string: "AN" INTER.ITT-3
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
34:  Found "static" variable of type "Map" or "Collection": 'addedBooks' GC.STV-3
34:  "static" field 'addedBooks' not initialized INIT.SF-3
36:  Constructor 'BookStoreDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' CERT.OBJ11.EPNFC-1
36:  Constructor 'BookStoreDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' EXCEPT.EPNFC-3
37:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
37:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
41:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
41:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
45:  No JUnit test method defined for 'getDBInstance()' JUNIT.TEST-2
45:  The method 'getDBInstance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
45:  Missing Javadoc comment for method 'getDBInstance()' JAVADOC.PJDM-3
45:  The class 'BookStoreDB' is a singleton, but the method 'getDBInstance()' to get the singleton instance is not "synchronized" OOP.SNGL-3
45:  Method 'getDBInstance()' should be declared "package-private" CWE.749.DPPM-4
45:  Method 'getDBInstance()' should be declared "package-private" GLOBAL.DPPM-4
46:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
46:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
50:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
50:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
51:  Lazy initialization is not thread-safe: db CERT.MSC07.ILI-3
51:  Lazy initialization is not thread-safe: db CWE.543.ILI-3
51:  Lazy initialization is not thread-safe: db TRS.ILI-3
51:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
51:  Parenthesis not followed by 1 space FORMAT.SAP-3
52:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CERT.LCK05.IASF-3
52:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CWE.543.IASF-3
52:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization TRS.IASF-3
53:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
53:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
53:  Parenthesis not followed by 1 space FORMAT.SAP-3
55:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
59:  Line is longer than 80 characters: 102 APSC_DV.003215.LL-3
59:  Line is longer than 80 characters: 102 FORMAT.LL-3
59:  No JUnit test method defined for 'getByTitleLike()' JUNIT.TEST-2
59:  The method 'getByTitleLike' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
59:  Missing Javadoc comment for method 'getByTitleLike()' JAVADOC.PJDM-3
59:  Globally unused "public" method: getByTitleLike() GLOBAL.UPPM-4
59:  Overloaded methods: 'getByTitleLike' have different accessibilities CODSTA.BP.OCMA-5
59:  Formal parameter 'titlePart' is not declared as final CODSTA.BP.FPF-3
60:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
60:  Line is longer than 80 characters: 83 FORMAT.LL-3
61:  The declaration of the local variable 'query' is not followed by a comment CODSTA.READ.CLV-5
61:  Concatenating strings CERT.STR00.COS-3
61:  Non internationalized string: "SELECT DISTINCT " INTER.ITT-3
61:  Concatenating strings INTER.COS-5
61:  The String literal "SELECT DISTINCT " is used SECURITY.WSC.SL-3
62:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
62:  Single character '.' using double quotes in string concatenation OPT.STR-3
62:  The String literal "." is used SECURITY.WSC.SL-3
62:  The String literal "," is used SECURITY.WSC.SL-3
62:  Single character ',' using double quotes in string concatenation OPT.STR-3
63:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
63:  Single character '.' using double quotes in string concatenation OPT.STR-3
63:  The String literal "." is used SECURITY.WSC.SL-3
63:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
63:  Single character ',' using double quotes in string concatenation OPT.STR-3
63:  The String literal "," is used SECURITY.WSC.SL-3
64:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
64:  Single character '.' using double quotes in string concatenation OPT.STR-3
64:  The String literal "." is used SECURITY.WSC.SL-3
64:  The String literal "," is used SECURITY.WSC.SL-3
64:  Single character ',' using double quotes in string concatenation OPT.STR-3
65:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
65:  Single character '.' using double quotes in string concatenation OPT.STR-3
65:  The String literal "." is used SECURITY.WSC.SL-3
65:  The String literal "," is used SECURITY.WSC.SL-3
65:  Single character ',' using double quotes in string concatenation OPT.STR-3
66:  Line is longer than 80 characters: 87 APSC_DV.003215.LL-3
66:  Line is longer than 80 characters: 87 FORMAT.LL-3
66:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
66:  Single character '.' using double quotes in string concatenation OPT.STR-3
66:  The String literal "." is used SECURITY.WSC.SL-3
66:  The String literal " as " is used SECURITY.WSC.SL-3
66:  Non internationalized string: " as " INTER.ITT-3
66:  Single character ',' using double quotes in string concatenation OPT.STR-3
66:  The String literal "," is used SECURITY.WSC.SL-3
67:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
67:  Single character '.' using double quotes in string concatenation OPT.STR-3
67:  The String literal "." is used SECURITY.WSC.SL-3
67:  The String literal "," is used SECURITY.WSC.SL-3
67:  Single character ',' using double quotes in string concatenation OPT.STR-3
68:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
68:  Single character '.' using double quotes in string concatenation OPT.STR-3
68:  The String literal "." is used SECURITY.WSC.SL-3
68:  The String literal "," is used SECURITY.WSC.SL-3
68:  Single character ',' using double quotes in string concatenation OPT.STR-3
69:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
69:  Single character '.' using double quotes in string concatenation OPT.STR-3
69:  The String literal "." is used SECURITY.WSC.SL-3
70:  The String literal " FROM " is used SECURITY.WSC.SL-3
70:  Non internationalized string: " FROM " INTER.ITT-3
71:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
71:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
71:  Single character ',' using double quotes in string concatenation OPT.STR-3
71:  The String literal "," is used SECURITY.WSC.SL-3
72:  The String literal "," is used SECURITY.WSC.SL-3
72:  Single character ',' using double quotes in string concatenation OPT.STR-3
73:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
74:  Non internationalized string: " WHERE " INTER.ITT-3
74:  The String literal " WHERE " is used SECURITY.WSC.SL-3
75:  Line is longer than 80 characters: 114 APSC_DV.003215.LL-3
75:  Line is longer than 80 characters: 114 FORMAT.LL-3
75:  Non internationalized string: "LCASE(" INTER.ITT-3
75:  The String literal "LCASE(" is used SECURITY.WSC.SL-3
75:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
75:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
75:  Single character '.' using double quotes in string concatenation OPT.STR-3
75:  The String literal "." is used SECURITY.WSC.SL-3
75:  The String literal ")" is used SECURITY.WSC.SL-3
75:  Single character ')' using double quotes in string concatenation OPT.STR-3
75:  Non internationalized string: " LIKE '%" INTER.ITT-3
75:  The String literal " LIKE '%" is used SECURITY.WSC.SL-3
75:  The 'toLowerCase' method is called without the java.util.Locale parameter CERT.STR02.CCL-2
75:  The 'toLowerCase' method is called without the java.util.Locale parameter INTER.CCL-3
75:  Non internationalized string: "%' AND " INTER.ITT-3
75:  The String literal "%' AND " is used SECURITY.WSC.SL-3
76:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
76:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
76:  Single character '.' using double quotes in string concatenation OPT.STR-3
76:  The String literal "." is used SECURITY.WSC.SL-3
76:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
76:  The String literal " = " is used SECURITY.WSC.SL-3
77:  The String literal "." is used SECURITY.WSC.SL-3
77:  Single character '.' using double quotes in string concatenation OPT.STR-3
77:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
77:  Non internationalized string: " AND " INTER.ITT-3
77:  The String literal " AND " is used SECURITY.WSC.SL-3
78:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
78:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
78:  Non internationalized string: ".publisher_id = " INTER.ITT-3
78:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
79:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
79:  Single character '.' using double quotes in string concatenation OPT.STR-3
79:  The String literal "." is used SECURITY.WSC.SL-3
80:  The local variable 'db' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
80:  Local variable 'db' has the same name as a field OOP.HMF-3
80:  The declaration of the local variable 'db' is not followed by a comment CODSTA.READ.CLV-5
81:  Line is longer than 80 characters: 123 APSC_DV.003215.LL-3
81:  Line is longer than 80 characters: 123 FORMAT.LL-3
81:  interface type 'Statement' is used MOBILE.AUI-3
81:  JDBC resource 'stmt' is not closed in a "finally" block JDBC.RRWD-1
81:  The declaration of the local variable 'stmt' is not followed by a comment CODSTA.READ.CLV-5
81:  Avoid using native jdbc to prepare statement CWE.245.JDBCTEMPLATE-3
81:  Avoid using native jdbc to prepare statement OWASP2019.API7.JDBCTEMPLATE-3
81:  Avoid using native jdbc to prepare statement SPRING.JDBCTEMPLATE-3
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities CWE.89.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities OWASP2017.A1.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities OWASP2019.API8.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities OWASP2021.A3.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities PCIDSS32.651.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities SECURITY.IBA.UPS-1
81:  Consider using 'prepareCall()' or 'prepareStatement()' to prevent SQL injection vulnerabilities APSC_DV.001460.UPS-2
82:  There is not 1 space after 'books' APSC_DV.003215.SAOP-3
82:  There is not 1 space after 'books' FORMAT.SAOP-3
82:  The declaration of the local variable 'books' is not followed by a comment CODSTA.READ.CLV-5
82:  Avoid using native jdbc to execute statement CWE.245.JDBCTEMPLATE-3
82:  Avoid using native jdbc to execute statement OWASP2019.API7.JDBCTEMPLATE-3
82:  Avoid using native jdbc to execute statement SPRING.JDBCTEMPLATE-3
 +  85:  JDBC resultset not closed: stmt.resultSet() APSC_DV.002000.LEAKS-2
 +  85:  JDBC resultset not closed: stmt.resultSet() BD.RES.LEAKS-1
 +  85:  JDBC resultset not closed: stmt.resultSet() CERT.FIO04.LEAKS-3
 +  85:  JDBC resultset not closed: stmt.resultSet() CERT.MSC04.LEAKS-3
 +  85:  JDBC resultset not closed: stmt.resultSet() CWE.400.LEAKS-1
 +  85:  JDBC resultset not closed: stmt.resultSet() CWE.459.LEAKS-1
 +  85:  JDBC resultset not closed: stmt.resultSet() CWE.771.LEAKS-1
 +  85:  JDBC resultset not closed: stmt.resultSet() CWE.772.LEAKS-1
 +  85:  JDBC resultset not closed: stmt.resultSet() OWASP2019.API4.LEAKS-1
 +  85:  JDBC statement not closed: stmt APSC_DV.002000.LEAKS-2
 +  85:  JDBC statement not closed: stmt BD.RES.LEAKS-1
 +  85:  JDBC statement not closed: stmt CERT.FIO04.LEAKS-3
 +  85:  JDBC statement not closed: stmt CERT.MSC04.LEAKS-3
 +  85:  JDBC statement not closed: stmt CWE.400.LEAKS-1
 +  85:  JDBC statement not closed: stmt CWE.459.LEAKS-1
 +  85:  JDBC statement not closed: stmt CWE.771.LEAKS-1
 +  85:  JDBC statement not closed: stmt CWE.772.LEAKS-1
 +  85:  JDBC statement not closed: stmt OWASP2019.API4.LEAKS-1
87:  Line is longer than 80 characters: 109 APSC_DV.003215.LL-3
87:  Line is longer than 80 characters: 109 FORMAT.LL-3
87:  The method 'getByTitleLike' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
87:  'getByTitleLike ()' contains too many 'statements': 50 METRICS.NSTMT-3
87:  interface type 'ResultSet' is used MOBILE.AUI-3
87:  Formal parameter 'rs' is not declared as final CODSTA.BP.FPF-3
87:  Formal parameter 'titlePart' is not declared as final CODSTA.BP.FPF-3
87:  Exception 'InstantiationException' is not thrown in the body of method 'getByTitleLike' GLOBAL.AUT-2
88:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
88:  Line is longer than 80 characters: 83 FORMAT.LL-3
88:  Exception 'IllegalAccessException' is not thrown in the body of method 'getByTitleLike' GLOBAL.AUT-2
88:  Exception 'ClassNotFoundException' is not thrown in the body of method 'getByTitleLike' GLOBAL.AUT-2
90:  Variable 'hasNext' does not end with 'boolean' NAMING.UHN-4
90:  The declaration of the local variable 'hasNext' is not followed by a comment CODSTA.READ.CLV-5
91:  The declaration of the local variable 'books' is not followed by a comment CODSTA.READ.CLV-5
91:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
91:  Initial container capacity is not specified OPT.DIC-3
93:  The declaration of the local variable 'query2' is not followed by a comment CODSTA.READ.CLV-5
93:  Concatenating strings CERT.STR00.COS-3
93:  Non internationalized string: "SELECT " INTER.ITT-3
93:  Concatenating strings INTER.COS-5
93:  The String literal "SELECT " is used SECURITY.WSC.SL-3
94:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
94:  Single character '.' using double quotes in string concatenation OPT.STR-3
94:  The String literal "." is used SECURITY.WSC.SL-3
94:  The String literal " as " is used SECURITY.WSC.SL-3
94:  Non internationalized string: " as " INTER.ITT-3
95:  Non internationalized string: " FROM " INTER.ITT-3
95:  The String literal " FROM " is used SECURITY.WSC.SL-3
96:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
96:  Single character ',' using double quotes in string concatenation OPT.STR-3
96:  The String literal "," is used SECURITY.WSC.SL-3
97:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
97:  Single character ',' using double quotes in string concatenation OPT.STR-3
97:  The String literal "," is used SECURITY.WSC.SL-3
99:  The String literal " WHERE " is used SECURITY.WSC.SL-3
99:  Non internationalized string: " WHERE " INTER.ITT-3
100:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
100:  Line is longer than 80 characters: 82 FORMAT.LL-3
100:  Non internationalized string: "LCASE(" INTER.ITT-3
100:  The String literal "LCASE(" is used SECURITY.WSC.SL-3
100:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
100:  Single character '.' using double quotes in string concatenation OPT.STR-3
100:  The String literal "." is used SECURITY.WSC.SL-3
100:  The String literal ")" is used SECURITY.WSC.SL-3
100:  Single character ')' using double quotes in string concatenation OPT.STR-3
100:  Non internationalized string: " LIKE ? AND " INTER.ITT-3
100:  The String literal " LIKE ? AND " is used SECURITY.WSC.SL-3
101:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
101:  Single character '.' using double quotes in string concatenation OPT.STR-3
101:  The String literal "." is used SECURITY.WSC.SL-3
101:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
101:  The String literal " = " is used SECURITY.WSC.SL-3
102:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
102:  Single character '.' using double quotes in string concatenation OPT.STR-3
102:  The String literal "." is used SECURITY.WSC.SL-3
102:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
102:  Non internationalized string: " AND " INTER.ITT-3
102:  The String literal " AND " is used SECURITY.WSC.SL-3
103:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
103:  Non internationalized string: ".publisher_id = " INTER.ITT-3
103:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
104:  The String literal "." is used SECURITY.WSC.SL-3
104:  Single character '.' using double quotes in string concatenation OPT.STR-3
104:  Non internationalized string: " AND " INTER.ITT-3
104:  The String literal " AND " is used SECURITY.WSC.SL-3
105:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
105:  Single character '.' using double quotes in string concatenation OPT.STR-3
105:  The String literal "." is used SECURITY.WSC.SL-3
105:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
105:  The String literal " = ?" is used SECURITY.WSC.SL-3
106:  Consider using a "for" loop here CODSTA.READ.PFL-5
106:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
106:  Parenthesis not followed by 1 space FORMAT.SAP-3
107:  Local constant not declared "final": id CODSTA.READ.FLV-3
107:  Variable 'id' does not end with 'int' NAMING.UHN-4
107:  The declaration of the local variable 'id' is not followed by a comment CODSTA.READ.CLV-5
107:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
108:  The declaration of the local variable 'isbn' is not followed by a comment CODSTA.READ.CLV-5
108:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
109:  The declaration of the local variable 'title' is not followed by a comment CODSTA.READ.CLV-5
109:  field 'NL_TITLE' is used multiple times MOBILE.ACFM-3
110:  The declaration of the local variable 'year' is not followed by a comment CODSTA.READ.CLV-5
110:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
110:  field 'NL_YEAR' is used multiple times MOBILE.ACFM-3
111:  The declaration of the local variable 'publisher' is not followed by a comment CODSTA.READ.CLV-5
111:  field 'NL_PUBLISHER_NAME' is used multiple times MOBILE.ACFM-3
112:  The declaration of the local variable 'description' is not followed by a comment CODSTA.READ.CLV-5
112:  field 'NL_DESCRIPTION' is used multiple times MOBILE.ACFM-3
113:  The declaration of the local variable 'price' is not followed by a comment CODSTA.READ.CLV-5
113:  field 'NL_PRICE' is used multiple times MOBILE.ACFM-3
114:  Local constant not declared "final": stock CODSTA.READ.FLV-3
114:  Variable 'stock' does not end with 'int' NAMING.UHN-4
114:  The declaration of the local variable 'stock' is not followed by a comment CODSTA.READ.CLV-5
114:  field 'NL_STOCK' is used multiple times MOBILE.ACFM-3
116:  interface type 'PreparedStatement' is used MOBILE.AUI-3
116:  JDBC resource 'stmt2' is not closed in a "finally" block JDBC.RRWD-1
116:  The declaration of the local variable 'stmt2' is not followed by a comment CODSTA.READ.CLV-5
116:  field 'db' is used multiple times MOBILE.ACFM-3
116:  Non-local variable 'db' used inside loop body OPT.USV-4
117:  Line is longer than 80 characters: 92 APSC_DV.003215.LL-3
117:  Line is longer than 80 characters: 92 FORMAT.LL-3
117:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
117:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
117:  field 'TYPE_SCROLL_INSENSITIVE' is used multiple times MOBILE.ACFM-3
118:  Line is longer than 80 characters: 87 APSC_DV.003215.LL-3
118:  Line is longer than 80 characters: 87 FORMAT.LL-3
118:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
118:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
118:  field 'CONCUR_UPDATABLE' is used multiple times MOBILE.ACFM-3
119:  Concatenating strings CERT.STR00.COS-3
119:  Single character '%' using double quotes in string concatenation OPT.STR-3
119:  Concatenating strings INTER.COS-5
119:  The String literal "%" is used SECURITY.WSC.SL-3
119:  The 'toLowerCase' method is called without the java.util.Locale parameter CERT.STR02.CCL-2
119:  The 'toLowerCase' method is called without the java.util.Locale parameter INTER.CCL-3
119:  Single character '%' using double quotes in string concatenation OPT.STR-3
119:  The String literal "%" is used SECURITY.WSC.SL-3
 +  120:  The "getString()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  120:  The "getString()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  120:  The "getString()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  120:  The "getString()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  120:  The "getString()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  120:  The "getString()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
121:  interface type 'ResultSet' is used MOBILE.AUI-3
121:  JDBC resource 'rs2' is not closed in a "finally" block JDBC.RRWD-1
121:  Variable 'rs2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
121:  The declaration of the local variable 'rs2' is not followed by a comment CODSTA.READ.CLV-5
122:  Variable 'hasMore' is not declared at the beginning of the block CODSTA.READ.PDBB-4
122:  Variable 'hasMore' does not end with 'boolean' NAMING.UHN-4
122:  The declaration of the local variable 'hasMore' is not followed by a comment CODSTA.READ.CLV-5
123:  Variable 'authors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
123:  The declaration of the local variable 'authors' is not followed by a comment CODSTA.READ.CLV-5
123:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
123:  Initial container capacity is not specified OPT.DIC-3
125:  Consider using a "for" loop here CODSTA.READ.PFL-5
125:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
125:  Parenthesis not followed by 1 space FORMAT.SAP-3
126:  The declaration of the local variable 'author' is not followed by a comment CODSTA.READ.CLV-5
126:  field 'NL_AUTHOR_NAME' is used multiple times MOBILE.ACFM-3
127:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
 +  127:  The "getString()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  127:  The "getString()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
129:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
131:  Place the [] after the array type, not after the variable: arrayOfAuthors APSC_DV.003215.IAD-3
131:  Place the [] after the array type, not after the variable: arrayOfAuthors FORMAT.IAD-3
131:  Variable 'arrayOfAuthors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
131:  The declaration of the local variable 'arrayOfAuthors' is not followed by a comment CODSTA.READ.CLV-5
131:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
131:  Calling synchronized method 'size' inside of a loop OPT.SYN-3
133:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
133:  Parenthesis not followed by 1 space FORMAT.SAP-3
133:  Variable 'i' does not end with 'int' NAMING.UHN-4
133:  'arrayOfAuthors.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
133:  field 'length' is used multiple times MOBILE.ACFM-3
133:  Non-local variable 'length' used inside loop body OPT.USV-4
134:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
135:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
137:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
137:  Line is longer than 80 characters: 82 FORMAT.LL-3
137:  Variable 'book' is not declared at the beginning of the block CODSTA.READ.PDBB-4
137:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
 +  137:  The "getInt()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  137:  The "getInt()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  137:  The "getInt()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  137:  The "getInt()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  137:  The "getInt()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  137:  The "getInt()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
138:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
138:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
139:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
141:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
143:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
143:  Parenthesis not followed by 1 space FORMAT.SAP-3
144:  interface type 'Enumeration' is used MOBILE.AUI-3
144:  The declaration of the local variable 'enum_var' is not followed by a comment CODSTA.READ.CLV-5
145:  Consider using a "for" loop here CODSTA.READ.PFL-5
145:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
145:  Parenthesis not followed by 1 space FORMAT.SAP-3
146:  Variable name 'b' is not of type "byte" NAMING.CVN-4
146:  The length of the identifier "b" is less than the minimum length (2) NAMING.LLI-4
147:  Line is longer than 80 characters: 102 APSC_DV.003215.LL-3
147:  Line is longer than 80 characters: 102 FORMAT.LL-3
147:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
147:  Parenthesis not followed by 1 space FORMAT.SAP-3
147:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
147:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
147:  Missing '()' to separate complex expression FORMAT.APAREN-3
147:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
147:  The return value of 'getName()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
147:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
147:  Missing '()' to separate complex expression FORMAT.APAREN-3
148:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
149:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
150:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
151:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
153:  Place the [] after the array type, not after the variable: arrayOfBooks APSC_DV.003215.IAD-3
153:  Place the [] after the array type, not after the variable: arrayOfBooks FORMAT.IAD-3
153:  Variable 'arrayOfBooks' is not declared at the beginning of the block CODSTA.READ.PDBB-4
153:  The declaration of the local variable 'arrayOfBooks' is not followed by a comment CODSTA.READ.CLV-5
153:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
155:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
155:  Parenthesis not followed by 1 space FORMAT.SAP-3
155:  Variable 'i' does not end with 'int' NAMING.UHN-4
155:  'arrayOfBooks.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
155:  field 'length' is used multiple times MOBILE.ACFM-3
156:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
157:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
159:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
159:  Parenthesis not followed by 1 space FORMAT.SAP-3
160:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
160:  Line is longer than 80 characters: 81 FORMAT.LL-3
160:  Concatenating strings CERT.STR00.COS-3
160:  Concatenating strings INTER.COS-5
160:  The String literal "no books with titles containing '" is used SECURITY.WSC.SL-3
161:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
161:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
161:  The String literal "' were found" is used SECURITY.WSC.SL-3
162:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
166:  No JUnit test method defined for 'getById()' JUNIT.TEST-2
166:  The method 'getById' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
166:  Missing Javadoc comment for method 'getById()' JAVADOC.PJDM-3
166:  Globally unused "public" method: getById() GLOBAL.UPPM-4
166:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
166:  Variable 'id' does not end with 'int' NAMING.UHN-4
167:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
167:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
172:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
172:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
173:  The local variable 'db' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
173:  Local variable 'db' has the same name as a field OOP.HMF-3
173:  The declaration of the local variable 'db' is not followed by a comment CODSTA.READ.CLV-5
174:  The declaration of the local variable 'query' is not followed by a comment CODSTA.READ.CLV-5
174:  Concatenating strings CERT.STR00.COS-3
174:  Non internationalized string: "SELECT " INTER.ITT-3
174:  Concatenating strings INTER.COS-5
174:  The String literal "SELECT " is used SECURITY.WSC.SL-3
174:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
174:  Single character '.' using double quotes in string concatenation OPT.STR-3
174:  The String literal "." is used SECURITY.WSC.SL-3
174:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
174:  Single character ',' using double quotes in string concatenation OPT.STR-3
174:  The String literal "," is used SECURITY.WSC.SL-3
175:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
175:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
175:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
175:  Single character '.' using double quotes in string concatenation OPT.STR-3
175:  The String literal "." is used SECURITY.WSC.SL-3
175:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
175:  Single character ',' using double quotes in string concatenation OPT.STR-3
175:  The String literal "," is used SECURITY.WSC.SL-3
176:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
176:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
176:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
176:  Single character '.' using double quotes in string concatenation OPT.STR-3
176:  The String literal "." is used SECURITY.WSC.SL-3
176:  The String literal "," is used SECURITY.WSC.SL-3
176:  Single character ',' using double quotes in string concatenation OPT.STR-3
177:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
177:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
177:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
177:  Single character '.' using double quotes in string concatenation OPT.STR-3
177:  The String literal "." is used SECURITY.WSC.SL-3
177:  The String literal "," is used SECURITY.WSC.SL-3
177:  Single character ',' using double quotes in string concatenation OPT.STR-3
178:  Line is longer than 80 characters: 106 APSC_DV.003215.LL-3
178:  Line is longer than 80 characters: 106 FORMAT.LL-3
178:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
178:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
178:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
178:  Single character '.' using double quotes in string concatenation OPT.STR-3
178:  The String literal "." is used SECURITY.WSC.SL-3
178:  The String literal " as " is used SECURITY.WSC.SL-3
178:  Non internationalized string: " as " INTER.ITT-3
178:  Single character ',' using double quotes in string concatenation OPT.STR-3
178:  The String literal "," is used SECURITY.WSC.SL-3
179:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
179:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
179:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
179:  Single character '.' using double quotes in string concatenation OPT.STR-3
179:  The String literal "." is used SECURITY.WSC.SL-3
179:  The String literal "," is used SECURITY.WSC.SL-3
179:  Single character ',' using double quotes in string concatenation OPT.STR-3
180:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
180:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
180:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
180:  Single character '.' using double quotes in string concatenation OPT.STR-3
180:  The String literal "." is used SECURITY.WSC.SL-3
180:  The String literal "," is used SECURITY.WSC.SL-3
180:  Single character ',' using double quotes in string concatenation OPT.STR-3
181:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
181:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
181:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
181:  Single character '.' using double quotes in string concatenation OPT.STR-3
181:  The String literal "." is used SECURITY.WSC.SL-3
182:  The String literal " FROM " is used SECURITY.WSC.SL-3
182:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
182:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
182:  Non internationalized string: " FROM " INTER.ITT-3
182:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
182:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
182:  Single character ',' using double quotes in string concatenation OPT.STR-3
182:  The String literal "," is used SECURITY.WSC.SL-3
183:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
183:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
183:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
183:  Single character ',' using double quotes in string concatenation OPT.STR-3
183:  The String literal "," is used SECURITY.WSC.SL-3
184:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
184:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
184:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
185:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
185:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
185:  Non internationalized string: " WHERE " INTER.ITT-3
185:  The String literal " WHERE " is used SECURITY.WSC.SL-3
185:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
185:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
185:  Single character '.' using double quotes in string concatenation OPT.STR-3
185:  The String literal "." is used SECURITY.WSC.SL-3
185:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
185:  Non internationalized string: " = ? AND " INTER.ITT-3
185:  The String literal " = ? AND " is used SECURITY.WSC.SL-3
186:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
186:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
186:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
186:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
186:  Single character '.' using double quotes in string concatenation OPT.STR-3
186:  The String literal "." is used SECURITY.WSC.SL-3
186:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
186:  The String literal " = " is used SECURITY.WSC.SL-3
187:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
187:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
187:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
187:  Single character '.' using double quotes in string concatenation OPT.STR-3
187:  The String literal "." is used SECURITY.WSC.SL-3
187:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
187:  Non internationalized string: " AND " INTER.ITT-3
187:  The String literal " AND " is used SECURITY.WSC.SL-3
188:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
188:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
188:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
188:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
188:  Non internationalized string: ".publisher_id = " INTER.ITT-3
188:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
189:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
189:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
189:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
189:  Single character '.' using double quotes in string concatenation OPT.STR-3
189:  The String literal "." is used SECURITY.WSC.SL-3
189:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
190:  interface type 'PreparedStatement' is used MOBILE.AUI-3
190:  JDBC resource 'stmt' is not closed in a "finally" block JDBC.RRWD-1
190:  The declaration of the local variable 'stmt' is not followed by a comment CODSTA.READ.CLV-5
191:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
191:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
192:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
192:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
194:  interface type 'ResultSet' is used MOBILE.AUI-3
194:  JDBC resource 'rs' is not closed in a "finally" block JDBC.RRWD-1
194:  Variable 'rs' is not declared at the beginning of the block CODSTA.READ.PDBB-4
194:  The declaration of the local variable 'rs' is not followed by a comment CODSTA.READ.CLV-5
195:  Local constant not declared "final": exists CODSTA.READ.FLV-3
195:  Variable 'exists' is not declared at the beginning of the block CODSTA.READ.PDBB-4
195:  Variable 'exists' does not end with 'boolean' NAMING.UHN-4
195:  The declaration of the local variable 'exists' is not followed by a comment CODSTA.READ.CLV-5
196:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
196:  Parenthesis not followed by 1 space FORMAT.SAP-3
197:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
197:  Parenthesis not followed by 1 space FORMAT.SAP-3
198:  interface type 'Enumeration' is used MOBILE.AUI-3
198:  The declaration of the local variable 'enum_var' is not followed by a comment CODSTA.READ.CLV-5
199:  Consider using a "for" loop here CODSTA.READ.PFL-5
199:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
199:  Parenthesis not followed by 1 space FORMAT.SAP-3
200:  Variable name 'b' is not of type "byte" NAMING.CVN-4
200:  The length of the identifier "b" is less than the minimum length (2) NAMING.LLI-4
201:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
201:  Parenthesis not followed by 1 space FORMAT.SAP-3
201:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
204:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
205:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
206:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
207:  Concatenating strings CERT.STR00.COS-3
207:  Concatenating strings INTER.COS-5
207:  The String literal "no book with the id " is used SECURITY.WSC.SL-3
207:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
208:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
208:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
208:  The String literal " was found" is used SECURITY.WSC.SL-3
209:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
210:  Variable 'isbn' is not declared at the beginning of the block CODSTA.READ.PDBB-4
210:  The declaration of the local variable 'isbn' is not followed by a comment CODSTA.READ.CLV-5
210:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
211:  Variable 'title' is not declared at the beginning of the block CODSTA.READ.PDBB-4
211:  The declaration of the local variable 'title' is not followed by a comment CODSTA.READ.CLV-5
212:  Variable 'year' is not declared at the beginning of the block CODSTA.READ.PDBB-4
212:  The declaration of the local variable 'year' is not followed by a comment CODSTA.READ.CLV-5
212:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
213:  Variable 'publisher' is not declared at the beginning of the block CODSTA.READ.PDBB-4
213:  The declaration of the local variable 'publisher' is not followed by a comment CODSTA.READ.CLV-5
214:  Variable 'description' is not declared at the beginning of the block CODSTA.READ.PDBB-4
214:  The declaration of the local variable 'description' is not followed by a comment CODSTA.READ.CLV-5
215:  Variable 'price' is not declared at the beginning of the block CODSTA.READ.PDBB-4
215:  The declaration of the local variable 'price' is not followed by a comment CODSTA.READ.CLV-5
216:  Local constant not declared "final": stock CODSTA.READ.FLV-3
216:  Variable 'stock' is not declared at the beginning of the block CODSTA.READ.PDBB-4
216:  Variable 'stock' does not end with 'int' NAMING.UHN-4
216:  The declaration of the local variable 'stock' is not followed by a comment CODSTA.READ.CLV-5
217:  Line is longer than 80 characters: 95 APSC_DV.003215.LL-3
217:  Line is longer than 80 characters: 95 FORMAT.LL-3
217:  Variable 'query2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
217:  The declaration of the local variable 'query2' is not followed by a comment CODSTA.READ.CLV-5
217:  Concatenating strings CERT.STR00.COS-3
217:  Non internationalized string: "SELECT " INTER.ITT-3
217:  Concatenating strings INTER.COS-5
217:  The String literal "SELECT " is used SECURITY.WSC.SL-3
217:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
217:  Single character '.' using double quotes in string concatenation OPT.STR-3
217:  The String literal "." is used SECURITY.WSC.SL-3
217:  The String literal " as " is used SECURITY.WSC.SL-3
217:  Non internationalized string: " as " INTER.ITT-3
218:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
218:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
218:  Non internationalized string: " FROM " INTER.ITT-3
218:  The String literal " FROM " is used SECURITY.WSC.SL-3
218:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
218:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
218:  Single character ',' using double quotes in string concatenation OPT.STR-3
218:  The String literal "," is used SECURITY.WSC.SL-3
219:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
219:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
219:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
219:  Single character ',' using double quotes in string concatenation OPT.STR-3
219:  The String literal "," is used SECURITY.WSC.SL-3
220:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
220:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
220:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
221:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
221:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
221:  Non internationalized string: " WHERE " INTER.ITT-3
221:  The String literal " WHERE " is used SECURITY.WSC.SL-3
221:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
221:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
221:  Single character '.' using double quotes in string concatenation OPT.STR-3
221:  The String literal "." is used SECURITY.WSC.SL-3
221:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
221:  Non internationalized string: " = ? AND " INTER.ITT-3
221:  The String literal " = ? AND " is used SECURITY.WSC.SL-3
222:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
222:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
222:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
222:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
222:  Single character '.' using double quotes in string concatenation OPT.STR-3
222:  The String literal "." is used SECURITY.WSC.SL-3
222:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
222:  The String literal " = " is used SECURITY.WSC.SL-3
223:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
223:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
223:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
223:  Single character '.' using double quotes in string concatenation OPT.STR-3
223:  The String literal "." is used SECURITY.WSC.SL-3
223:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
223:  Non internationalized string: " AND " INTER.ITT-3
223:  The String literal " AND " is used SECURITY.WSC.SL-3
224:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
224:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
224:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
224:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
224:  Non internationalized string: ".publisher_id = " INTER.ITT-3
224:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
225:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
225:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
225:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
225:  Single character '.' using double quotes in string concatenation OPT.STR-3
225:  The String literal "." is used SECURITY.WSC.SL-3
225:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
226:  interface type 'PreparedStatement' is used MOBILE.AUI-3
226:  JDBC resource 'stmt2' is not closed in a "finally" block JDBC.RRWD-1
226:  Variable 'stmt2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
226:  The declaration of the local variable 'stmt2' is not followed by a comment CODSTA.READ.CLV-5
227:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
227:  Line is longer than 80 characters: 88 FORMAT.LL-3
227:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
227:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
228:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
228:  Line is longer than 80 characters: 82 FORMAT.LL-3
228:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
228:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
230:  interface type 'ResultSet' is used MOBILE.AUI-3
230:  JDBC resource 'rs2' is not closed in a "finally" block JDBC.RRWD-1
230:  Variable 'rs2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
230:  The declaration of the local variable 'rs2' is not followed by a comment CODSTA.READ.CLV-5
231:  Variable 'more2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
231:  Variable 'more2' does not end with 'boolean' NAMING.UHN-4
231:  The declaration of the local variable 'more2' is not followed by a comment CODSTA.READ.CLV-5
232:  Variable 'authors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
232:  The declaration of the local variable 'authors' is not followed by a comment CODSTA.READ.CLV-5
232:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
232:  Initial container capacity is not specified OPT.DIC-3
233:  Consider using a "for" loop here CODSTA.READ.PFL-5
233:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
233:  Parenthesis not followed by 1 space FORMAT.SAP-3
234:  The declaration of the local variable 'author' is not followed by a comment CODSTA.READ.CLV-5
234:  field 'NL_AUTHOR_NAME' is used multiple times MOBILE.ACFM-3
235:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
 +  235:  The "getString()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  235:  The "getString()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  235:  The "getString()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  235:  The "getString()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  235:  The "getString()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  235:  The "getString()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
237:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
238:  Place the [] after the array type, not after the variable: arr APSC_DV.003215.IAD-3
238:  Place the [] after the array type, not after the variable: arr FORMAT.IAD-3
238:  Variable name 'arr' does not match user-specified regular expression '(s|List|Set|Array|Table)$' for array and collection variables NAMING.NAC-3
238:  Variable 'arr' is not declared at the beginning of the block CODSTA.READ.PDBB-4
238:  The declaration of the local variable 'arr' is not followed by a comment CODSTA.READ.CLV-5
238:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
239:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
239:  Parenthesis not followed by 1 space FORMAT.SAP-3
239:  Variable 'i' does not end with 'int' NAMING.UHN-4
239:  'arr.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
239:  field 'length' is used multiple times MOBILE.ACFM-3
240:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
241:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
 +  243:  The "getInt()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  243:  The "getInt()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  243:  The "getInt()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  243:  The "getInt()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  243:  The "getInt()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  243:  The "getInt()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
244:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
244:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
247:  No JUnit test method defined for 'addNewItem()' JUNIT.TEST-2
247:  Missing Javadoc comment for method 'addNewItem()' JAVADOC.PJDM-3
247:  Globally unused "public" method: addNewItem() GLOBAL.UPPM-4
247:  Formal parameter 'tempbook' is not declared as final CODSTA.BP.FPF-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' APSC_DV.001460.NTX-2
247:  Throwing explicit 'Exception' object in 'addNewItem()' CERT.ERR07.NTX-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' CODSTA.BP.NTX-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' CWE.397.NTX-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2017.A6.NTX-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2021.A5.NTX-3
247:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2019.API7.NTX-5
248:  Lazy initialization is not thread-safe: addedBooks CERT.MSC07.ILI-3
248:  Lazy initialization is not thread-safe: addedBooks CWE.543.ILI-3
248:  Lazy initialization is not thread-safe: addedBooks TRS.ILI-3
248:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
248:  Parenthesis not followed by 1 space FORMAT.SAP-3
249:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization CERT.LCK05.IASF-3
249:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization CWE.543.IASF-3
249:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization TRS.IASF-3
249:  Hashtable 'addedBooks' may have improved performance as a ConcurrentHashMap TRS.CHM-5
249:  Initial container capacity is not specified OPT.DIC-3
250:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
251:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
251:  Parenthesis not followed by 1 space FORMAT.SAP-3
252:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
252:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
252:  Avoid throwing 'Exception' CWE.397.NTERR-3
252:  Avoid throwing 'Exception' EXCEPT.NTERR-3
252:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
252:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
252:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
252:  Concatenating strings CERT.STR00.COS-3
252:  Concatenating strings INTER.COS-5
252:  The String literal "Too many books (" is used SECURITY.WSC.SL-3
252:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
253:  Line is longer than 80 characters: 160 APSC_DV.003215.LL-3
253:  Line is longer than 80 characters: 160 FORMAT.LL-3
253:  The String literal ") have been added already. Added books are removed as soon as the session of the user who added them expires, after 20 minutes of inactivity" is used SECURITY.WSC.SL-3
254:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
255:  Unnecessary instantiation of 'Integer' object OPT.PRIM-3
255:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
256:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
259:  No JUnit test method defined for 'clearAddedBooks()' JUNIT.TEST-2
259:  Missing Javadoc comment for method 'clearAddedBooks()' JAVADOC.PJDM-3
259:  Globally unused "public" method: clearAddedBooks() GLOBAL.UPPM-4
259:  "synchronized" modifier used in method declaration: clearAddedBooks() TRS.NSM-5
259:  Formal parameter 'tempbook' is not declared as final CODSTA.BP.FPF-3
260:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
260:  Parenthesis not followed by 1 space FORMAT.SAP-3
261:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
262:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
263:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
266:  File should be terminated by a newline character APSC_DV.003215.TNL-3
266:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/BookStoreMemoryDB.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Missing Javadoc tag '@since' for class 'BookStoreMemoryDB' JAVADOC.ECTT-3
8:  Globally unused "public" class: com.parasoft.bookstore.BookStoreMemoryDB GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: BookStoreMemoryDB JAVADOC.MAJDT-4
8:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "public" class without an '@invariant' contract: BookStoreMemoryDB DBC.PUBC-3
8:  Missing '@version' Javadoc tag: BookStoreMemoryDB JAVADOC.MVJDT-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  The 'db' field of the immutable class is not declared final SECURITY.WSC.FIMU-4
17:  Constructor 'BookStoreMemoryDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' CERT.OBJ11.EPNFC-1
17:  No JUnit test method defined for 'BookStoreMemoryDB()' JUNIT.TEST-2
17:  'public' constructor declared CODSTA.BP.CMUTA-3
17:  Constructor 'BookStoreMemoryDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' EXCEPT.EPNFC-3
17:  Missing Javadoc tag '@since' for method 'BookStoreMemoryDB()' JAVADOC.ECTM-3
17:  The constructor 'BookStoreMemoryDB' is more accessible than the constructor in its superclass SECURITY.WSC.AMA-3
17:  Constructor 'BookStoreMemoryDB()' should be declared "private" CWE.749.DPPM-4
17:  Constructor 'BookStoreMemoryDB()' should be declared "private" GLOBAL.DPPM-4
17:  Flag not present SECURITY.WSC.INIVF-4
17:  "public" method without a '@post' contract: BookStoreMemoryDB () DBC.PUBMPOST-3
17:  "public" method without a '@pre' contract: BookStoreMemoryDB DBC.PUBMPRE-3
17:  This constructor for class 'BookStoreMemoryDB' does not need to be explicitly defined PB.USC.EPC-3
18:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
18:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
22:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
22:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
27:  No JUnit test method defined for 'getDBInstance()' JUNIT.TEST-2
27:  Elements in 'BookStoreMemoryDB' not ordered appropriately, first violation: method 'getDBInstance' at line 27 should be placed before constructor 'BookStoreMemoryDB' at line 11 CODSTA.ORG.FO-3
27:  The method 'getDBInstance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
27:  Missing Javadoc comment for method 'getDBInstance()' JAVADOC.PJDM-3
27:  Globally unused "public" method: getDBInstance() GLOBAL.UPPM-4
28:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
28:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
32:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
32:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
33:  Lazy initialization is not thread-safe: db CERT.MSC07.ILI-3
33:  Lazy initialization is not thread-safe: db CWE.543.ILI-3
33:  Lazy initialization is not thread-safe: db TRS.ILI-3
33:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
33:  Parenthesis not followed by 1 space FORMAT.SAP-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CERT.LCK05.IASF-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CWE.543.IASF-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization TRS.IASF-3
35:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
38:  File should be terminated by a newline character APSC_DV.003215.TNL-3
38:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/CartManager.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
8:  "import java.util.concurrent.ConcurrentHashMap" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
8:  "import java.util.concurrent.ConcurrentHashMap" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
8:  "import" not presented in alphabetical order: java.util.concurrent.ConcurrentHashMap CODSTA.ORG.ORIMP-5
9:  "import java.util.concurrent.atomic.AtomicInteger" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
9:  "import java.util.concurrent.atomic.AtomicInteger" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
11:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
11:  Use 2 blank lines before type declaration FORMAT.BLCD-3
11:  Public clone method missing CERT.OBJ05.MUCOP-1
11:  Static creation method missing CERT.OBJ05.MUCOP-1
11:  Copy constructor missing CERT.OBJ05.MUCOP-1
11:  Public clone method missing CERT.OBJ06.MUCOP-2
11:  Static creation method missing CERT.OBJ06.MUCOP-2
11:  Copy constructor missing CERT.OBJ06.MUCOP-2
11:  'clone()' method is missing CERT.OBJ07.MCNC-2
11:  Public clone method missing CERT.OBJ04.MUCOP-3
11:  Static creation method missing CERT.OBJ04.MUCOP-3
11:  Copy constructor missing CERT.OBJ04.MUCOP-3
11:  CartManager has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
11:  getter method without an @invariant contract: getCart() DBC.IGM-3
11:  getter method without an @invariant contract: getCartId() DBC.IGM-3
11:  getter method without an @invariant contract: getItem() DBC.IGM-3
11:  Missing Javadoc comment for 'CartManager' JAVADOC.PJDC-3
11:  Public clone method missing OOP.MUCOP-3
11:  Static creation method missing OOP.MUCOP-3
11:  Copy constructor missing OOP.MUCOP-3
11:  Globally unused "public" class: com.parasoft.bookstore.CartManager GLOBAL.UPPC-4
11:  'writeObject()' method is missing CWE.499.SER-5
11:  'clone()' method is missing SECURITY.WSC.MCNC-5
11:  'writeObject()' method is missing SECURITY.WSC.SER-5
11:  Number of Javadoc comments are below thresholds (%): 10.0 METRICS.PJDC-3
11:  'readObject()' method is missing SECURITY.WSC.DSER-5
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  interface type 'Map' is used MOBILE.AUI-3
12:  interface type 'List' is used MOBILE.AUI-3
12:  Constant value should be declared "final": cartIdToOrderMap CODSTA.READ.FF-3
12:  Found "static" variable of type "Map" or "Collection": 'cartIdToOrderMap' GC.STV-3
13:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
13:  Line is longer than 80 characters: 83 FORMAT.LL-3
13:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
13:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
13:  interface type 'List' is used MOBILE.AUI-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Constant value should be declared "final": generatedNewCartId CODSTA.READ.FF-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  interface type 'List' is used MOBILE.AUI-3
16:  Missing 'getList()' method for field 'list' BEAN.NFM-4
16:  Missing 'setList()' method for field 'list' BEAN.NFM-4
18:  Field 'list', declared on line 16, is not initialized in this constructor nor in its declaration INIT.CSI-4
18:  Field 'cartId', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
18:  No JUnit test method defined for 'CartManager()' JUNIT.TEST-2
18:  Missing Javadoc comment for method 'CartManager()' JAVADOC.PJDM-3
22:  Constructor 'CartManager' throws 'Exception' CERT.OBJ11.EPNFC-1
22:  No JUnit test method defined for 'CartManager()' JUNIT.TEST-2
22:  Constructor 'CartManager' throws 'Exception' EXCEPT.EPNFC-3
22:  Missing Javadoc comment for method 'CartManager()' JAVADOC.PJDM-3
22:  Method 'CartManager' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
22:  Globally unused "public" constructor CartManager() GLOBAL.UPPM-4
22:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
22:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
22:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
22:  Parameter 'cartId' has the same name as a field OOP.HMF-3
22:  Throwing explicit 'Exception' object in 'CartManager()' APSC_DV.001460.NTX-2
22:  Throwing explicit 'Exception' object in 'CartManager()' CERT.ERR07.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' CODSTA.BP.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' CWE.397.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2017.A6.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2021.A5.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2019.API7.NTX-5
23:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
23:  Parenthesis not followed by 1 space FORMAT.SAP-3
23:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
24:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
24:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
24:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
24:  Avoid throwing 'Exception' CWE.397.NTERR-3
24:  Avoid throwing 'Exception' EXCEPT.NTERR-3
24:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
24:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
24:  Concatenating strings CERT.STR00.COS-3
24:  Concatenating strings INTER.COS-5
24:  The String literal "cartId: " is used SECURITY.WSC.SL-3
25:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
25:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
25:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
25:  The String literal " doesn't exist." is used SECURITY.WSC.SL-3
26:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
27:  Calling the method 'setCartId()' in the constructor could cause an unexpected NullPointerException CODSTA.EPC.NCNFC-2
27:  Non-"final", non-"static", and non-"private" method 'setCartId()' called from inside constructor 'CartManager' PB.CUB.CTOR-4
28:  Non-"final", non-"static", and non-"private" method 'setItem()' called from inside constructor 'CartManager' PB.CUB.CTOR-4
28:  Calling the method 'setItem()' in the constructor could cause an unexpected NullPointerException CODSTA.EPC.NCNFC-2
28:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
31:  Globally unused "public" method: addNewItemToCart() GLOBAL.UPPM-4
31:  No JUnit test method defined for 'addNewItemToCart()' JUNIT.TEST-2
31:  Missing Javadoc comment for method 'addNewItemToCart()' JAVADOC.PJDM-3
31:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
32:  interface type 'List' is used MOBILE.AUI-3
32:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
32:  Local variable 'list' has the same name as a field OOP.HMF-3
32:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
32:  Initial container capacity is not specified OPT.DIC-3
34:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
37:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
37:  Line is longer than 80 characters: 82 FORMAT.LL-3
37:  No JUnit test method defined for 'addExistingItemToCart()' JUNIT.TEST-2
37:  The method 'addExistingItemToCart' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
37:  Missing Javadoc comment for method 'addExistingItemToCart()' JAVADOC.PJDM-3
37:  Method 'addExistingItemToCart' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
37:  Globally unused "public" method: addExistingItemToCart() GLOBAL.UPPM-4
37:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
37:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
37:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
37:  Parameter 'cartId' has the same name as a field OOP.HMF-3
37:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' APSC_DV.001460.NTX-2
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CERT.ERR07.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CODSTA.BP.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CWE.397.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2017.A6.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2021.A5.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2019.API7.NTX-5
39:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
39:  Parenthesis not followed by 1 space FORMAT.SAP-3
39:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
39:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
40:  interface type 'List' is used MOBILE.AUI-3
40:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
40:  Local variable 'list' has the same name as a field OOP.HMF-3
40:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
40:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
41:  interface type 'Iterator' is used MOBILE.AUI-3
41:  The declaration of the local variable 'iterator' is not followed by a comment CODSTA.READ.CLV-5
42:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
42:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
42:  Local constant not declared "final": found CODSTA.READ.FLV-3
43:  Consider using a "for" loop here CODSTA.READ.PFL-5
43:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
43:  Parenthesis not followed by 1 space FORMAT.SAP-3
44:  Variable name 'o' is not of type "java.lang.Object" NAMING.CVN-4
44:  The length of the identifier "o" is less than the minimum length (2) NAMING.LLI-4
45:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
46:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
46:  Parenthesis not followed by 1 space FORMAT.SAP-3
46:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
50:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
51:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
52:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
52:  Parenthesis not followed by 1 space FORMAT.SAP-3
55:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
56:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
56:  Do not use trailing comments APSC_DV.003215.TC-3
56:  Do not use trailing comments FORMAT.TC-3
57:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
57:  Line is longer than 80 characters: 88 FORMAT.LL-3
57:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
57:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
57:  Avoid throwing 'Exception' CWE.397.NTERR-3
57:  Avoid throwing 'Exception' EXCEPT.NTERR-3
57:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
57:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
57:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
57:  Concatenating strings INTER.COS-5
57:  Concatenating strings CERT.STR00.COS-3
57:  The String literal "An order with Cart Id " is used SECURITY.WSC.SL-3
57:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
57:  The String literal " does not exist!" is used SECURITY.WSC.SL-3
58:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
62:  Line is longer than 80 characters: 92 APSC_DV.003215.LL-3
62:  Line is longer than 80 characters: 92 FORMAT.LL-3
62:  No JUnit test method defined for 'updateExistingItem()' JUNIT.TEST-2
62:  The method 'updateExistingItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
62:  Missing Javadoc comment for method 'updateExistingItem()' JAVADOC.PJDM-3
62:  Method 'updateExistingItem' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
62:  Globally unused "public" method: updateExistingItem() GLOBAL.UPPM-4
62:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
62:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
62:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
62:  Parameter 'cartId' has the same name as a field OOP.HMF-3
62:  Formal parameter 'itemId' is not declared as final CODSTA.BP.FPF-3
62:  Variable 'itemId' does not end with 'int' NAMING.UHN-4
62:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
62:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' APSC_DV.001460.NTX-2
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CERT.ERR07.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CODSTA.BP.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CWE.397.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2017.A6.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2021.A5.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2019.API7.NTX-5
64:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
64:  Parenthesis not followed by 1 space FORMAT.SAP-3
64:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
64:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
65:  interface type 'List' is used MOBILE.AUI-3
65:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
65:  Local variable 'list' has the same name as a field OOP.HMF-3
65:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
65:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
66:  interface type 'Iterator' is used MOBILE.AUI-3
66:  The declaration of the local variable 'iterator' is not followed by a comment CODSTA.READ.CLV-5
67:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
67:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
67:  Local constant not declared "final": found CODSTA.READ.FLV-3
68:  Consider using a "for" loop here CODSTA.READ.PFL-5
68:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
68:  Parenthesis not followed by 1 space FORMAT.SAP-3
69:  The declaration of the local variable 'order' is not followed by a comment CODSTA.READ.CLV-5
70:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
71:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
71:  Parenthesis not followed by 1 space FORMAT.SAP-3
72:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
72:  Parenthesis not followed by 1 space FORMAT.SAP-3
73:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
73:  Line is longer than 80 characters: 81 FORMAT.LL-3
73:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
73:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
73:  Avoid throwing 'Exception' CWE.397.NTERR-3
73:  Avoid throwing 'Exception' EXCEPT.NTERR-3
73:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
73:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
73:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
73:  Concatenating strings INTER.COS-5
73:  Concatenating strings CERT.STR00.COS-3
73:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
74:  Indentation should be 28 (or 36) spaces APSC_DV.003215.IND-3
74:  Indentation should be 28 (or 36) spaces FORMAT.IND-3
74:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
74:  The String literal ", " is used SECURITY.WSC.SL-3
74:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
74:  The String literal " is greater than " is used SECURITY.WSC.SL-3
75:  Line is longer than 80 characters: 85 APSC_DV.003215.LL-3
75:  Line is longer than 80 characters: 85 FORMAT.LL-3
75:  Indentation should be 28 (or 36) spaces APSC_DV.003215.IND-3
75:  Indentation should be 28 (or 36) spaces FORMAT.IND-3
75:  The String literal "the quantity in stock: " is used SECURITY.WSC.SL-3
75:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
76:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
80:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
81:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
 +  82:  Condition "!found" always evaluates to true BD.PB.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.561.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.570.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.571.CC-2
82:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
82:  Parenthesis not followed by 1 space FORMAT.SAP-3
83:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
83:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
83:  Avoid throwing 'Exception' CWE.397.NTERR-3
83:  Avoid throwing 'Exception' EXCEPT.NTERR-3
83:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
83:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
83:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
83:  Concatenating strings INTER.COS-5
83:  Concatenating strings CERT.STR00.COS-3
83:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
84:  Indentation should be 20 (or 28) spaces APSC_DV.003215.IND-3
84:  Indentation should be 20 (or 28) spaces FORMAT.IND-3
84:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
84:  The String literal ", order does not exist." is used SECURITY.WSC.SL-3
85:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
86:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
86:  Do not use trailing comments APSC_DV.003215.TC-3
86:  Do not use trailing comments FORMAT.TC-3
87:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
87:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
87:  Avoid throwing 'Exception' CWE.397.NTERR-3
87:  Avoid throwing 'Exception' EXCEPT.NTERR-3
87:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
87:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
87:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
87:  Concatenating strings INTER.COS-5
87:  Concatenating strings CERT.STR00.COS-3
87:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
87:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
88:  The String literal ", itemId " is used SECURITY.WSC.SL-3
88:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
88:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
88:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
88:  The String literal " does not exist in the order." is used SECURITY.WSC.SL-3
89:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
102:  No JUnit test method defined for 'getCartSize()' JUNIT.TEST-2
102:  Missing Javadoc tag '@since' for method 'getCartSize()' JAVADOC.ECTM-3
102:  "public" method without a '@post' contract: getCartSize () DBC.PUBMPOST-3
102:  "public" method without a '@pre' contract: getCartSize DBC.PUBMPRE-3
102:  Globally unused "public" method: getCartSize() GLOBAL.UPPM-4
112:  Misspelled word 'ites' JAVADOC.SPELL-3
113:  This '@return' tag does not contain a meaningful description of the method's return value JAVADOC.MDJT-3
116:  No JUnit test method defined for 'getCartSize()' JUNIT.TEST-2
116:  Missing Javadoc tag '@since' for method 'getCartSize()' JAVADOC.ECTM-3
116:  Method 'getCartSize' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
116:  Globally unused "public" method: getCartSize() GLOBAL.UPPM-4
116:  "public" method without a '@post' contract: getCartSize () DBC.PUBMPOST-3
116:  "public" method without a '@pre' contract: getCartSize DBC.PUBMPRE-3
116:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
116:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
116:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
116:  Parameter 'cartId' has the same name as a field OOP.HMF-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' APSC_DV.001460.NTX-2
116:  Throwing explicit 'Exception' object in 'getCartSize()' CERT.ERR07.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' CODSTA.BP.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' CWE.397.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2017.A6.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2021.A5.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2019.API7.NTX-5
117:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
117:  Parenthesis not followed by 1 space FORMAT.SAP-3
117:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
117:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
118:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
119:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
120:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
120:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
120:  Avoid throwing 'Exception' CWE.397.NTERR-3
120:  Avoid throwing 'Exception' EXCEPT.NTERR-3
120:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
120:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
120:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
120:  Concatenating strings INTER.COS-5
120:  Concatenating strings CERT.STR00.COS-3
120:  The String literal "cartId: " is used SECURITY.WSC.SL-3
121:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
121:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
121:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
121:  The String literal " doesn't exist." is used SECURITY.WSC.SL-3
124:  interface type 'Map' is used MOBILE.AUI-3
124:  interface type 'List' is used MOBILE.AUI-3
124:  No JUnit test method defined for 'getCart()' JUNIT.TEST-2
124:  The method 'getCart' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
124:  Missing Javadoc comment for method 'getCart()' JAVADOC.PJDM-3
124:  Globally unused "public" method: getCart() GLOBAL.UPPM-4
128:  Globally unused "public" method: removeEmptyMappings() GLOBAL.UPPM-4
128:  No JUnit test method defined for 'removeEmptyMappings()' JUNIT.TEST-2
128:  Missing Javadoc comment for method 'removeEmptyMappings()' JAVADOC.PJDM-3
129:  Line is longer than 80 characters: 95 APSC_DV.003215.LL-3
129:  Line is longer than 80 characters: 95 FORMAT.LL-3
129:  interface type 'Iterator' is used MOBILE.AUI-3
129:  interface type 'Entry' is used MOBILE.AUI-3
129:  interface type 'List' is used MOBILE.AUI-3
129:  The declaration of the local variable 'itr' is not followed by a comment CODSTA.READ.CLV-5
130:  Consider using a "for" loop here CODSTA.READ.PFL-5
130:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
130:  Parenthesis not followed by 1 space FORMAT.SAP-3
131:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
131:  Parenthesis not followed by 1 space FORMAT.SAP-3
133:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
134:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
137:  No JUnit test method defined for 'removeOrder()' JUNIT.TEST-2
137:  Missing Javadoc comment for method 'removeOrder()' JAVADOC.PJDM-3
137:  Method 'removeOrder' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
137:  Globally unused "public" method: removeOrder() GLOBAL.UPPM-4
137:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
137:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
137:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
137:  Parameter 'cartId' has the same name as a field OOP.HMF-3
138:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
138:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
139:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
139:  Parenthesis not followed by 1 space FORMAT.SAP-3
139:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
140:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
142:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
146:  No JUnit test method defined for 'setCartId()' JUNIT.TEST-2
146:  Method 'setCartId()' should be declared "private" CWE.749.DPPM-4
146:  Method 'setCartId()' should be declared "private" GLOBAL.DPPM-4
146:  Method 'setCartId()' should be declared "final" GLOBAL.SPPM-5
146:  Setter method 'setCartId()' is not declared "final" OPT.MAF-5
146:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
146:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
146:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
146:  Parameter 'cartId' has the same name as a field OOP.HMF-3
150:  No JUnit test method defined for 'getCartId()' JUNIT.TEST-2
150:  Globally unused "public" method: getCartId() GLOBAL.UPPM-4
150:  Getter method 'getCartId()' is not declared "final" OPT.MAF-5
154:  Setter method 'setItem()' is not declared "final" OPT.MAF-5
154:  Method 'setItem()' should be declared "private" CWE.749.DPPM-4
154:  Method 'setItem()' should be declared "private" GLOBAL.DPPM-4
154:  Method 'setItem()' should be declared "final" GLOBAL.SPPM-5
154:  No JUnit test method defined for 'setItem()' JUNIT.TEST-2
154:  Missing Javadoc comment for method 'setItem()' JAVADOC.PJDM-3
154:  interface type 'List' is used MOBILE.AUI-3
154:  Formal parameter 'list' is not declared as final CODSTA.BP.FPF-3
154:  The parameter 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
154:  Parameter 'list' has the same name as a field OOP.HMF-3
158:  interface type 'List' is used MOBILE.AUI-3
158:  No JUnit test method defined for 'getItem()' JUNIT.TEST-2
158:  The method 'getItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
158:  Missing Javadoc comment for method 'getItem()' JAVADOC.PJDM-3
158:  Globally unused "public" method: getItem() GLOBAL.UPPM-4
158:  Getter method 'getItem()' is not declared "final" OPT.MAF-5
162:  Globally unused "public" method: getStaticCart_Id() GLOBAL.UPPM-4
162:  No JUnit test method defined for 'getStaticCart_Id()' JUNIT.TEST-2
162:  Missing Javadoc comment for method 'getStaticCart_Id()' JAVADOC.PJDM-3
165:  File should be terminated by a newline character APSC_DV.003215.TNL-3
165:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/CartTimer.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Comment contains Java code: // public class CartTimer exte... UC.ACC-3
4:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
4:  Use 1 blank line before every top-level class (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 2 blank lines before type declaration FORMAT.BLCD-3
4:  Use 1 blank line before every top-level class (or corresponding Javadoc) FORMAT.U2BL-3
4:  'clone()' method is missing CERT.OBJ07.MCNC-2
4:  Missing Javadoc comment for 'CartTimer' JAVADOC.PJDC-3
4:  Globally unused "public" class: com.parasoft.bookstore.CartTimer GLOBAL.UPPC-4
4:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
4:  'writeObject()' method is missing CWE.499.SER-5
4:  'clone()' method is missing SECURITY.WSC.MCNC-5
4:  'writeObject()' method is missing SECURITY.WSC.SER-5
4:  "class" missing a no argument constructor: CartTimer CODSTA.POD.DCTOR-5
4:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
4:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  interface type 'Runnable' is used MOBILE.AUI-3
5:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
6:  The method 'run()' does not contain a "try"/"catch" block which catches all possible "Throwable" objects EXCEPT.CATO-2
6:  No JUnit test method defined for 'run()' JUNIT.TEST-2
6:  Missing Javadoc comment for method 'run()' JAVADOC.PJDM-3
6:  'Runnable.run()' method should be synchronized if it cannot be safely executed concurrently TRS.RUN-5
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/DisplayOrder.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Public clone method missing CERT.OBJ05.MUCOP-1
3:  Static creation method missing CERT.OBJ05.MUCOP-1
3:  Copy constructor missing CERT.OBJ05.MUCOP-1
3:  Public clone method missing CERT.OBJ06.MUCOP-2
3:  Static creation method missing CERT.OBJ06.MUCOP-2
3:  Copy constructor missing CERT.OBJ06.MUCOP-2
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Public clone method missing CERT.OBJ04.MUCOP-3
3:  Static creation method missing CERT.OBJ04.MUCOP-3
3:  Copy constructor missing CERT.OBJ04.MUCOP-3
3:  DisplayOrder has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
3:  getter method without an @invariant contract: getItem() DBC.IGM-3
3:  getter method without an @invariant contract: getCartId() DBC.IGM-3
3:  Missing Javadoc comment for 'DisplayOrder' JAVADOC.PJDC-3
3:  Public clone method missing OOP.MUCOP-3
3:  Static creation method missing OOP.MUCOP-3
3:  Copy constructor missing OOP.MUCOP-3
3:  Globally unused "public" class: com.parasoft.bookstore.DisplayOrder GLOBAL.UPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
4:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
7:  No JUnit test method defined for 'DisplayOrder()' JUNIT.TEST-2
7:  Missing Javadoc comment for method 'DisplayOrder()' JAVADOC.PJDM-3
7:  Field 'item', declared on line 5, is not initialized in this constructor nor in its declaration INIT.CSI-4
7:  Field 'cartId', declared on line 4, is not initialized in this constructor nor in its declaration INIT.CSI-4
11:  No JUnit test method defined for 'DisplayOrder()' JUNIT.TEST-2
11:  Missing Javadoc comment for method 'DisplayOrder()' JAVADOC.PJDM-3
11:  Globally unused "public" constructor DisplayOrder() GLOBAL.UPPM-4
11:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
11:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'cartId' has the same name as a field OOP.HMF-3
11:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ05.SMO-1
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ06.SMO-2
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ04.SMO-3
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' SECURITY.EAB.SMO-3
16:  No JUnit test method defined for 'getItem()' JUNIT.TEST-2
16:  The method 'getItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
16:  Globally unused "public" method: getItem() GLOBAL.UPPM-4
16:  Getter method 'getItem()' is not declared "final" OPT.MAF-5
20:  Setter method 'setItem()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'setItem()' JUNIT.TEST-2
20:  Globally unused "public" method: setItem() GLOBAL.UPPM-4
20:  Formal parameter 'item' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'item' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'item' has the same name as a field OOP.HMF-3
24:  No JUnit test method defined for 'getCartId()' JUNIT.TEST-2
24:  Globally unused "public" method: getCartId() GLOBAL.UPPM-4
24:  Getter method 'getCartId()' is not declared "final" OPT.MAF-5
28:  Setter method 'setCartId()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'setCartId()' JUNIT.TEST-2
28:  Globally unused "public" method: setCartId() GLOBAL.UPPM-4
28:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
28:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
28:  Parameter 'cartId' has the same name as a field OOP.HMF-3
28:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/Item.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
6:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
6:  Use 2 blank lines before type declaration FORMAT.BLCD-3
6:  Public clone method missing CERT.OBJ05.MUCOP-1
6:  Static creation method missing CERT.OBJ05.MUCOP-1
6:  Copy constructor missing CERT.OBJ05.MUCOP-1
6:  Serializable class 'Item' does not implement readObject() APSC_DV.001460.OROM-2
6:  Public clone method missing CERT.OBJ06.MUCOP-2
6:  Static creation method missing CERT.OBJ06.MUCOP-2
6:  Copy constructor missing CERT.OBJ06.MUCOP-2
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  Public clone method missing CERT.OBJ04.MUCOP-3
6:  Static creation method missing CERT.OBJ04.MUCOP-3
6:  Copy constructor missing CERT.OBJ04.MUCOP-3
6:  Item has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
6:  getter method without an @invariant contract: getName() DBC.IGM-3
6:  getter method without an @invariant contract: getId() DBC.IGM-3
6:  getter method without an @invariant contract: getStockQuantity() DBC.IGM-3
6:  getter method without an @invariant contract: getPrice() DBC.IGM-3
6:  Missing Javadoc comment for 'Item' JAVADOC.PJDC-3
6:  Class 'Item' could potentially be merged with its subclass MOBILE.J2ME.CSOO-3
6:  Public clone method missing OOP.MUCOP-3
6:  Static creation method missing OOP.MUCOP-3
6:  Copy constructor missing OOP.MUCOP-3
6:  Item implements Serializable instead of Externalizable SERIAL.EZEE-3
6:  Class 'com.parasoft.bookstore.Item' should be declared "package-private" GLOBAL.DPPC-4
6:  Serializable class 'Item' does not implement readObject() OWASP2017.A8.OROM-5
6:  Serializable class 'Item' does not implement readObject() OWASP2021.A8.OROM-5
6:  Serializable class 'Item' does not implement readObject() SECURITY.EAB.OROM-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  Number of Javadoc comments are below thresholds (%): 6.0 METRICS.PJDC-3
6:  interface type 'Serializable' is used MOBILE.AUI-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Inspect field 'id' to ensure it will not expose sensitive data CWE.499.SIF-1
11:  Inspect field 'id' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
11:  Inspect field 'id' to ensure it will not expose sensitive data CERT.SER03.SIF-2
11:  Variable 'id' does not end with 'int' NAMING.UHN-4
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Inspect field 'title' to ensure it will not expose sensitive data CWE.499.SIF-1
12:  Inspect field 'title' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
12:  Inspect field 'title' to ensure it will not expose sensitive data CERT.SER03.SIF-2
12:  Missing 'getTitle()' method for field 'title' BEAN.NFM-4
12:  Missing 'setTitle()' method for field 'title' BEAN.NFM-4
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data CWE.499.SIF-1
13:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
13:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data CERT.SER03.SIF-2
13:  Missing 'getQuantity_in_stock()' method for field 'quantity_in_stock' BEAN.NFM-4
13:  Missing 'setQuantity_in_stock()' method for field 'quantity_in_stock' BEAN.NFM-4
13:  Variable 'quantity_in_stock' does not end with 'int' NAMING.UHN-4
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Inspect field 'price' to ensure it will not expose sensitive data CWE.499.SIF-1
14:  Inspect field 'price' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
14:  Inspect field 'price' to ensure it will not expose sensitive data CERT.SER03.SIF-2
16:  No JUnit test method defined for 'Item()' JUNIT.TEST-2
16:  Missing Javadoc comment for method 'Item()' JAVADOC.PJDM-3
16:  Field 'title', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'quantity_in_stock', declared on line 13, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'id', declared on line 11, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'price', declared on line 14, is not initialized in this constructor nor in its declaration INIT.CSI-4
20:  Constructor 'Item' throws 'ItemNotFoundException' CERT.OBJ11.EPNFC-1
20:  No JUnit test method defined for 'Item()' JUNIT.TEST-2
20:  Constructor 'Item' throws 'ItemNotFoundException' EXCEPT.EPNFC-3
20:  Missing Javadoc comment for method 'Item()' JAVADOC.PJDM-3
20:  Constructor 'Item()' should be declared "package-private" CWE.749.DPPM-4
20:  Constructor 'Item()' should be declared "package-private" GLOBAL.DPPM-4
20:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'id' has the same name as a field OOP.HMF-3
20:  Variable 'id' does not end with 'int' NAMING.UHN-4
20:  Formal parameter 'name' is not declared as final CODSTA.BP.FPF-3
20:  Formal parameter 'price' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'price' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'price' has the same name as a field OOP.HMF-3
20:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
20:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
21:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
21:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
21:  Exception 'ItemNotFoundException' is not thrown in the body of method 'Item' GLOBAL.AUT-2
28:  No JUnit test method defined for 'getName()' JUNIT.TEST-2
28:  The method 'getName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
28:  Missing Javadoc comment for method 'getName()' JAVADOC.PJDM-3
28:  Method 'getName()' should be declared "package-private" CWE.749.DPPM-4
28:  Method 'getName()' should be declared "package-private" GLOBAL.DPPM-4
28:  Method 'getName()' should be declared "final" GLOBAL.SPPM-5
28:  Getter method 'getName()' is not declared "final" OPT.MAF-5
32:  Setter method 'setName()' is not declared "final" OPT.MAF-5
32:  No JUnit test method defined for 'setName()' JUNIT.TEST-2
32:  Missing Javadoc comment for method 'setName()' JAVADOC.PJDM-3
32:  Globally unused "public" method: setName() GLOBAL.UPPM-4
32:  Formal parameter 'title' is not declared as final CODSTA.BP.FPF-3
32:  The parameter 'title' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
32:  Parameter 'title' has the same name as a field OOP.HMF-3
36:  No JUnit test method defined for 'getId()' JUNIT.TEST-2
36:  Method 'getId()' should be declared "package-private" CWE.749.DPPM-4
36:  Method 'getId()' should be declared "package-private" GLOBAL.DPPM-4
36:  Method 'getId()' should be declared "final" GLOBAL.SPPM-5
36:  Getter method 'getId()' is not declared "final" OPT.MAF-5
40:  Setter method 'setId()' is not declared "final" OPT.MAF-5
40:  No JUnit test method defined for 'setId()' JUNIT.TEST-2
40:  Globally unused "public" method: setId() GLOBAL.UPPM-4
40:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
40:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
40:  Parameter 'id' has the same name as a field OOP.HMF-3
40:  Variable 'id' does not end with 'int' NAMING.UHN-4
44:  No JUnit test method defined for 'getStockQuantity()' JUNIT.TEST-2
44:  Missing Javadoc comment for method 'getStockQuantity()' JAVADOC.PJDM-3
44:  Method 'getStockQuantity()' should be declared "package-private" CWE.749.DPPM-4
44:  Method 'getStockQuantity()' should be declared "package-private" GLOBAL.DPPM-4
44:  Method 'getStockQuantity()' should be declared "final" GLOBAL.SPPM-5
44:  Getter method 'getStockQuantity()' is not declared "final" OPT.MAF-5
48:  Setter method 'setStockQuantity()' is not declared "final" OPT.MAF-5
48:  No JUnit test method defined for 'setStockQuantity()' JUNIT.TEST-2
48:  Missing Javadoc comment for method 'setStockQuantity()' JAVADOC.PJDM-3
48:  Globally unused "public" method: setStockQuantity() GLOBAL.UPPM-4
48:  Formal parameter 'quantity_in_stock' is not declared as final CODSTA.BP.FPF-3
48:  The parameter 'quantity_in_stock' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
48:  Parameter 'quantity_in_stock' has the same name as a field OOP.HMF-3
48:  Variable 'quantity_in_stock' does not end with 'int' NAMING.UHN-4
52:  No JUnit test method defined for 'getPrice()' JUNIT.TEST-2
52:  The method 'getPrice' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
52:  Globally unused "public" method: getPrice() GLOBAL.UPPM-4
52:  Getter method 'getPrice()' is not declared "final" OPT.MAF-5
56:  Setter method 'setPrice()' is not declared "final" OPT.MAF-5
56:  No JUnit test method defined for 'setPrice()' JUNIT.TEST-2
56:  Method 'setPrice()' should be declared "private" CWE.749.DPPM-4
56:  Method 'setPrice()' should be declared "private" GLOBAL.DPPM-4
56:  Method 'setPrice()' should be declared "final" GLOBAL.SPPM-5
56:  Formal parameter 'price' is not declared as final CODSTA.BP.FPF-3
56:  The parameter 'price' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
56:  Parameter 'price' has the same name as a field OOP.HMF-3
60:  No JUnit test method defined for 'inflatePrice()' JUNIT.TEST-2
60:  Missing Javadoc comment for method 'inflatePrice()' JAVADOC.PJDM-3
60:  Method 'inflatePrice()' should be declared "package-private" CWE.749.DPPM-4
60:  Method 'inflatePrice()' should be declared "package-private" GLOBAL.DPPM-4
60:  Method 'inflatePrice()' should be declared "final" GLOBAL.SPPM-5
60:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
63:  File should be terminated by a newline character APSC_DV.003215.TNL-3
63:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/ItemNotFoundException.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Missing Javadoc comment for 'ItemNotFoundException' JAVADOC.PJDC-3
3:  ItemNotFoundException implements Serializable instead of Externalizable SERIAL.EZEE-3
3:  Class 'com.parasoft.bookstore.ItemNotFoundException' should be declared "package-private" GLOBAL.DPPC-4
3:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
3:  Class 'com.parasoft.bookstore.ItemNotFoundException' should be declared "final" GLOBAL.SPPC-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  "class" missing a no argument constructor: ItemNotFoundException CODSTA.POD.DCTOR-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
4:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  No JUnit test method defined for 'ItemNotFoundException()' JUNIT.TEST-2
8:  'public' constructor declared CODSTA.BP.CMUTA-3
8:  Missing Javadoc comment for method 'ItemNotFoundException()' JAVADOC.PJDM-3
8:  Constructor 'ItemNotFoundException()' should be declared "package-private" CWE.749.DPPM-4
8:  Constructor 'ItemNotFoundException()' should be declared "package-private" GLOBAL.DPPM-4
8:  Flag not present SECURITY.WSC.INIVF-4
8:  Formal parameter 'msg' is not declared as final CODSTA.BP.FPF-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/Order.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Public clone method missing CERT.OBJ04.MUCOP-3
3:  Static creation method missing CERT.OBJ04.MUCOP-3
3:  Copy constructor missing CERT.OBJ04.MUCOP-3
3:  getter method without an @invariant contract: getBook() DBC.IGM-3
3:  getter method without an @invariant contract: getQuantity() DBC.IGM-3
3:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
3:  Missing Javadoc comment for 'Order' JAVADOC.PJDC-3
3:  Public clone method missing OOP.MUCOP-3
3:  Static creation method missing OOP.MUCOP-3
3:  Copy constructor missing OOP.MUCOP-3
3:  Class 'com.parasoft.bookstore.Order' should be declared "package-private" GLOBAL.DPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  Class 'com.parasoft.bookstore.Order' should be declared "final" GLOBAL.SPPC-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  Public clone method missing CERT.OBJ05.MUCOP-1
3:  Static creation method missing CERT.OBJ05.MUCOP-1
3:  Copy constructor missing CERT.OBJ05.MUCOP-1
3:  Public clone method missing CERT.OBJ06.MUCOP-2
3:  Static creation method missing CERT.OBJ06.MUCOP-2
3:  Copy constructor missing CERT.OBJ06.MUCOP-2
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
5:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
6:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
6:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
6:  Missing 'setTimestamp()' method for field 'timestamp' BEAN.NFM-4
6:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
8:  Missing Javadoc comment for method 'Order()' JAVADOC.PJDM-3
8:  No JUnit test method defined for 'Order()' JUNIT.TEST-2
9:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
12:  Missing Javadoc comment for method 'Order()' JAVADOC.PJDM-3
12:  Constructor 'Order()' should be declared "private" CWE.749.DPPM-4
12:  Constructor 'Order()' should be declared "private" GLOBAL.DPPM-4
12:  No JUnit test method defined for 'Order()' JUNIT.TEST-2
12:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
12:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
12:  Parameter 'book' has the same name as a field OOP.HMF-3
12:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
12:  The parameter 'quantity' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
12:  Parameter 'quantity' has the same name as a field OOP.HMF-3
12:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
12:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
12:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
12:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
12:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
18:  No JUnit test method defined for 'getBook()' JUNIT.TEST-2
18:  The method 'getBook' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
18:  Method 'getBook()' should be declared "package-private" CWE.749.DPPM-4
18:  Method 'getBook()' should be declared "package-private" GLOBAL.DPPM-4
18:  Method 'getBook()' should be declared "final" GLOBAL.SPPM-5
18:  Getter method 'getBook()' is not declared "final" OPT.MAF-5
22:  Setter method 'setBook()' is not declared "final" OPT.MAF-5
22:  No JUnit test method defined for 'setBook()' JUNIT.TEST-2
22:  Globally unused "public" method: setBook() GLOBAL.UPPM-4
22:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
22:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
22:  Parameter 'book' has the same name as a field OOP.HMF-3
26:  Method 'getQuantity()' should be declared "package-private" CWE.749.DPPM-4
26:  Method 'getQuantity()' should be declared "package-private" GLOBAL.DPPM-4
26:  Method 'getQuantity()' should be declared "final" GLOBAL.SPPM-5
26:  Getter method 'getQuantity()' is not declared "final" OPT.MAF-5
26:  No JUnit test method defined for 'getQuantity()' JUNIT.TEST-2
30:  Setter method 'setQuantity()' is not declared "final" OPT.MAF-5
30:  No JUnit test method defined for 'setQuantity()' JUNIT.TEST-2
30:  Method 'setQuantity()' should be declared "package-private" CWE.749.DPPM-4
30:  Method 'setQuantity()' should be declared "package-private" GLOBAL.DPPM-4
30:  Method 'setQuantity()' should be declared "final" GLOBAL.SPPM-5
30:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
30:  The parameter 'quantity' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
30:  Parameter 'quantity' has the same name as a field OOP.HMF-3
30:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
34:  No JUnit test method defined for 'modifyCount()' JUNIT.TEST-2
34:  Missing Javadoc comment for method 'modifyCount()' JAVADOC.PJDM-3
34:  Method 'modifyCount()' should be declared "package-private" CWE.749.DPPM-4
34:  Method 'modifyCount()' should be declared "package-private" GLOBAL.DPPM-4
34:  Method 'modifyCount()' should be declared "final" GLOBAL.SPPM-5
34:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
34:  Variable 'amount' does not end with 'int' NAMING.UHN-4
38:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
38:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
38:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
42:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
42:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
42:  Method 'refreshTimestamp()' should be declared "package-private" CWE.749.DPPM-4
42:  Method 'refreshTimestamp()' should be declared "package-private" GLOBAL.DPPM-4
42:  Method 'refreshTimestamp()' should be declared "final" GLOBAL.SPPM-5
42:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
43:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
45:  File should be terminated by a newline character APSC_DV.003215.TNL-3
45:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/SecureCartService.java
8:  Use 0 blank lines before the package statements APSC_DV.003215.U2BL-3
8:  Use 0 blank lines before the package statements FORMAT.U2BL-3
11:  "import java.sql.PreparedStatement" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
11:  "import java.sql.PreparedStatement" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
15:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
15:  Use 2 blank lines before type declaration FORMAT.BLCD-3
15:  Public clone method missing CERT.OBJ05.MUCOP-1
15:  Static creation method missing CERT.OBJ05.MUCOP-1
15:  Copy constructor missing CERT.OBJ05.MUCOP-1
15:  Public clone method missing CERT.OBJ06.MUCOP-2
15:  Static creation method missing CERT.OBJ06.MUCOP-2
15:  Copy constructor missing CERT.OBJ06.MUCOP-2
15:  'clone()' method is missing CERT.OBJ07.MCNC-2
15:  Public clone method missing CERT.OBJ04.MUCOP-3
15:  Static creation method missing CERT.OBJ04.MUCOP-3
15:  Copy constructor missing CERT.OBJ04.MUCOP-3
15:  Missing Javadoc comment for 'SecureCartService' JAVADOC.PJDC-3
15:  Public clone method missing OOP.MUCOP-3
15:  Static creation method missing OOP.MUCOP-3
15:  Copy constructor missing OOP.MUCOP-3
15:  Globally unused "public" class: com.parasoft.bookstore.SecureCartService GLOBAL.UPPC-4
15:  'writeObject()' method is missing CWE.499.SER-5
15:  'clone()' method is missing SECURITY.WSC.MCNC-5
15:  'writeObject()' method is missing SECURITY.WSC.SER-5
15:  "class" missing a no argument constructor: SecureCartService CODSTA.POD.DCTOR-5
15:  'readObject()' method is missing SECURITY.WSC.DSER-5
16:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
16:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
18:  '@see ...' doesn't match any Java element JAVADOC.DPMT-3
18:  '@see ...' doesn't match any Java element OWASP2019.API9.DPMT-3
21:  No JUnit test method defined for 'getItemByTitle()' JUNIT.TEST-2
21:  The method 'getItemByTitle' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
21:  Missing Javadoc tag '@since' for method 'getItemByTitle()' JAVADOC.ECTM-3
21:  Globally unused "public" method: getItemByTitle() GLOBAL.UPPM-4
21:  Method 'getItemByTitle' returns a value, but 'invocationCounter' changes state on line: '22' OOP.CQS-4
21:  "public" method without a '@post' contract: getItemByTitle () DBC.PUBMPOST-3
21:  "public" method without a '@pre' contract: getItemByTitle DBC.PUBMPRE-3
21:  Formal parameter 'title' is not declared as final CODSTA.BP.FPF-3
23:  Variable 'books' is not declared at the beginning of the block CODSTA.READ.PDBB-4
23:  The declaration of the local variable 'books' is not followed by a comment CODSTA.READ.CLV-5
23:  There is not 1 space after 'null' APSC_DV.003215.SCOP-3
23:  There is not 1 space after 'null' FORMAT.SCOP-3
23:  The String literal "" is used SECURITY.WSC.SL-3
24:  Enhanced "for" loop used CODSTA.READ.AEFS-5
24:  The length of the identifier "b" is less than the minimum length (2) NAMING.LLI-4
25:  field 'invocationCounter' is used multiple times MOBILE.ACFM-3
25:  Non-local variable 'invocationCounter' used inside loop body OPT.USV-4
26:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
 +  28:  The state of the object: "this.invocationCounter" was changed and has not been restored BD.PB.REVOBJ-5
 +  28:  The state of the object: "this.invocationCounter" was changed and has not been restored CERT.ERR03.REVOBJ-3
34:  Line is longer than 80 characters: 103 APSC_DV.003215.LL-3
34:  Line is longer than 80 characters: 103 FORMAT.LL-3
34:  Elements in 'SecureCartService' not ordered appropriately, first violation: method 'getByTitleLike' at line 30 should be placed before method 'getItemByTitle' at line 16 CODSTA.ORG.FO-3
34:  The '@post'/'@return' tag(s) for the method 'getByTitleLike' do not properly describe whether or not the method can return null JAVADOC.CRN-3
34:  "private" method without a '@post' contract: getByTitleLike () DBC.PRIMPOST-5
34:  "private" method without a '@pre' contract: getByTitleLike () DBC.PRIMPRE-5
34:  Formal parameter 'titlePart' is not declared as final CODSTA.BP.FPF-3
36:  The declaration of the local variable 'query' is not followed by a comment CODSTA.READ.CLV-5
36:  Concatenating strings CERT.STR00.COS-3
36:  Non internationalized string: "SELECT DISTINCT " INTER.ITT-3
36:  Concatenating strings INTER.COS-5
36:  The String literal "SELECT DISTINCT " is used SECURITY.WSC.SL-3
37:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
37:  Single character '.' using double quotes in string concatenation OPT.STR-3
37:  The String literal "." is used SECURITY.WSC.SL-3
37:  The String literal "," is used SECURITY.WSC.SL-3
37:  Single character ',' using double quotes in string concatenation OPT.STR-3
38:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
38:  Single character '.' using double quotes in string concatenation OPT.STR-3
38:  The String literal "." is used SECURITY.WSC.SL-3
38:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
38:  Single character ',' using double quotes in string concatenation OPT.STR-3
38:  The String literal "," is used SECURITY.WSC.SL-3
39:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
39:  Single character '.' using double quotes in string concatenation OPT.STR-3
39:  The String literal "." is used SECURITY.WSC.SL-3
39:  The String literal "," is used SECURITY.WSC.SL-3
39:  Single character ',' using double quotes in string concatenation OPT.STR-3
40:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
40:  Single character '.' using double quotes in string concatenation OPT.STR-3
40:  The String literal "." is used SECURITY.WSC.SL-3
40:  The String literal "," is used SECURITY.WSC.SL-3
40:  Single character ',' using double quotes in string concatenation OPT.STR-3
41:  Line is longer than 80 characters: 123 APSC_DV.003215.LL-3
41:  Line is longer than 80 characters: 123 FORMAT.LL-3
41:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
41:  Single character '.' using double quotes in string concatenation OPT.STR-3
41:  The String literal "." is used SECURITY.WSC.SL-3
41:  The String literal " as " is used SECURITY.WSC.SL-3
41:  Non internationalized string: " as " INTER.ITT-3
41:  Single character ',' using double quotes in string concatenation OPT.STR-3
41:  The String literal "," is used SECURITY.WSC.SL-3
42:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
42:  Line is longer than 80 characters: 84 FORMAT.LL-3
42:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
42:  Single character '.' using double quotes in string concatenation OPT.STR-3
42:  The String literal "." is used SECURITY.WSC.SL-3
42:  The String literal "," is used SECURITY.WSC.SL-3
42:  Single character ',' using double quotes in string concatenation OPT.STR-3
43:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
43:  Single character '.' using double quotes in string concatenation OPT.STR-3
43:  The String literal "." is used SECURITY.WSC.SL-3
43:  The String literal "," is used SECURITY.WSC.SL-3
43:  Single character ',' using double quotes in string concatenation OPT.STR-3
44:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
44:  Single character '.' using double quotes in string concatenation OPT.STR-3
44:  The String literal "." is used SECURITY.WSC.SL-3
45:  The String literal " FROM " is used SECURITY.WSC.SL-3
45:  Non internationalized string: " FROM " INTER.ITT-3
46:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
46:  Single character ',' using double quotes in string concatenation OPT.STR-3
46:  The String literal "," is used SECURITY.WSC.SL-3
47:  The String literal "," is used SECURITY.WSC.SL-3
47:  Single character ',' using double quotes in string concatenation OPT.STR-3
48:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
49:  Non internationalized string: " WHERE " INTER.ITT-3
49:  The String literal " WHERE " is used SECURITY.WSC.SL-3
50:  Line is longer than 80 characters: 106 APSC_DV.003215.LL-3
50:  Line is longer than 80 characters: 106 FORMAT.LL-3
50:  Non internationalized string: "LCASE(" INTER.ITT-3
50:  The String literal "LCASE(" is used SECURITY.WSC.SL-3
50:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
50:  Single character '.' using double quotes in string concatenation OPT.STR-3
50:  The String literal "." is used SECURITY.WSC.SL-3
50:  The String literal ")" is used SECURITY.WSC.SL-3
50:  Single character ')' using double quotes in string concatenation OPT.STR-3
50:  Non internationalized string: " LIKE ? AND " INTER.ITT-3
50:  The String literal " LIKE ? AND " is used SECURITY.WSC.SL-3
51:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
51:  Single character '.' using double quotes in string concatenation OPT.STR-3
51:  The String literal "." is used SECURITY.WSC.SL-3
51:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
51:  The String literal " = " is used SECURITY.WSC.SL-3
52:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
52:  Line is longer than 80 characters: 83 FORMAT.LL-3
52:  Single character '.' using double quotes in string concatenation OPT.STR-3
52:  The String literal "." is used SECURITY.WSC.SL-3
52:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
52:  Non internationalized string: " AND " INTER.ITT-3
52:  The String literal " AND " is used SECURITY.WSC.SL-3
53:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
53:  Non internationalized string: ".publisher_id = " INTER.ITT-3
53:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
54:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
54:  Single character '.' using double quotes in string concatenation OPT.STR-3
54:  The String literal "." is used SECURITY.WSC.SL-3
55:  The declaration of the local variable 'db' is not followed by a comment CODSTA.READ.CLV-5
56:  interface type 'PreparedStatement' is used MOBILE.AUI-3
56:  JDBC resource 'stmt' is not closed in a "finally" block JDBC.RRWD-1
56:  The declaration of the local variable 'stmt' is not followed by a comment CODSTA.READ.CLV-5
57:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
57:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
58:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
58:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
59:  Concatenating strings CERT.STR00.COS-3
59:  Single character '%' using double quotes in string concatenation OPT.STR-3
59:  Concatenating strings INTER.COS-5
59:  The String literal "%" is used SECURITY.WSC.SL-3
59:  The 'toLowerCase' method is called without the java.util.Locale parameter CERT.STR02.CCL-2
59:  The 'toLowerCase' method is called without the java.util.Locale parameter INTER.CCL-3
59:  Single character '%' using double quotes in string concatenation OPT.STR-3
59:  The String literal "%" is used SECURITY.WSC.SL-3
60:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
60:  Line is longer than 80 characters: 81 FORMAT.LL-3
60:  There is not 1 space after 'books' APSC_DV.003215.SAOP-3
60:  There is not 1 space after 'books' FORMAT.SAOP-3
60:  Variable 'books' is not declared at the beginning of the block CODSTA.READ.PDBB-4
60:  The declaration of the local variable 'books' is not followed by a comment CODSTA.READ.CLV-5
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/SubmittedOrder.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  SubmittedOrder has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
5:  getter method without an @invariant contract: getOrderTime() DBC.IGM-3
5:  getter method without an @invariant contract: getSuccess() DBC.IGM-3
5:  Missing Javadoc comment for 'SubmittedOrder' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  Globally unused "public" class: com.parasoft.bookstore.SubmittedOrder GLOBAL.UPPC-4
5:  'writeObject()' method is missing CWE.499.SER-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
5:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
5:  'readObject()' method is missing SECURITY.WSC.DSER-5
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
6:  Missing 'isSuccessIndicator()' method for field 'successIndicator' BEAN.NFM-4
6:  Missing 'setSuccessIndicator()' method for field 'successIndicator' BEAN.NFM-4
6:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
7:  Missing 'getDate()' method for field 'date' BEAN.NFM-4
7:  Missing 'setDate()' method for field 'date' BEAN.NFM-4
7:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
9:  No JUnit test method defined for 'SubmittedOrder()' JUNIT.TEST-2
9:  Missing Javadoc comment for method 'SubmittedOrder()' JAVADOC.PJDM-3
9:  Field 'date', declared on line 7, is not initialized in this constructor nor in its declaration INIT.CSI-4
9:  Field 'successIndicator', declared on line 6, is not initialized in this constructor nor in its declaration INIT.CSI-4
13:  No JUnit test method defined for 'SubmittedOrder()' JUNIT.TEST-2
13:  Missing Javadoc comment for method 'SubmittedOrder()' JAVADOC.PJDM-3
13:  Globally unused "public" constructor SubmittedOrder() GLOBAL.UPPM-4
13:  Formal parameter 'successIndicator' is not declared as final CODSTA.BP.FPF-3
13:  The parameter 'successIndicator' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
13:  Parameter 'successIndicator' has the same name as a field OOP.HMF-3
13:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
13:  Formal parameter 'time' is not declared as final CODSTA.BP.FPF-3
13:  Variable 'time' does not end with 'long' NAMING.UHN-4
18:  No JUnit test method defined for 'setOrderTime()' JUNIT.TEST-2
18:  Missing Javadoc comment for method 'setOrderTime()' JAVADOC.PJDM-3
18:  Globally unused "public" method: setOrderTime() GLOBAL.UPPM-4
18:  Setter method 'setOrderTime()' is not declared "final" OPT.MAF-5
18:  Formal parameter 'date' is not declared as final CODSTA.BP.FPF-3
18:  The parameter 'date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
18:  Parameter 'date' has the same name as a field OOP.HMF-3
18:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
22:  No JUnit test method defined for 'getOrderTime()' JUNIT.TEST-2
22:  The method 'getOrderTime' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
22:  Missing Javadoc comment for method 'getOrderTime()' JAVADOC.PJDM-3
22:  Globally unused "public" method: getOrderTime() GLOBAL.UPPM-4
22:  Getter method 'getOrderTime()' is not declared "final" OPT.MAF-5
26:  No JUnit test method defined for 'setSuccess()' JUNIT.TEST-2
26:  Missing Javadoc comment for method 'setSuccess()' JAVADOC.PJDM-3
26:  Globally unused "public" method: setSuccess() GLOBAL.UPPM-4
26:  Setter method 'setSuccess()' is not declared "final" OPT.MAF-5
26:  Formal parameter 'successIndicator' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'successIndicator' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'successIndicator' has the same name as a field OOP.HMF-3
26:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
30:  No JUnit test method defined for 'getSuccess()' JUNIT.TEST-2
30:  Missing Javadoc comment for method 'getSuccess()' JAVADOC.PJDM-3
30:  Name of "boolean" getter method 'getSuccess' does not match user-specified regular expression '^(is|can|has|have|are|was|contains).' NAMING.GETB-3
30:  Globally unused "public" method: getSuccess() GLOBAL.UPPM-4
30:  Getter method 'getSuccess()' is not declared "final" OPT.MAF-5
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore/TempBook.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Public clone method missing CERT.OBJ05.MUCOP-1
3:  Static creation method missing CERT.OBJ05.MUCOP-1
3:  Copy constructor missing CERT.OBJ05.MUCOP-1
3:  Public clone method missing CERT.OBJ06.MUCOP-2
3:  Static creation method missing CERT.OBJ06.MUCOP-2
3:  Copy constructor missing CERT.OBJ06.MUCOP-2
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Public clone method missing CERT.OBJ04.MUCOP-3
3:  Static creation method missing CERT.OBJ04.MUCOP-3
3:  Copy constructor missing CERT.OBJ04.MUCOP-3
3:  TempBook has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
3:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
3:  getter method without an @invariant contract: getBook() DBC.IGM-3
3:  Missing Javadoc comment for 'TempBook' JAVADOC.PJDC-3
3:  Public clone method missing OOP.MUCOP-3
3:  Static creation method missing OOP.MUCOP-3
3:  Copy constructor missing OOP.MUCOP-3
3:  Class 'com.parasoft.bookstore.TempBook' should be declared "package-private" GLOBAL.DPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  Class 'com.parasoft.bookstore.TempBook' should be declared "final" GLOBAL.SPPC-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
5:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
7:  No JUnit test method defined for 'TempBook()' JUNIT.TEST-2
7:  Missing Javadoc comment for method 'TempBook()' JAVADOC.PJDM-3
7:  Field 'timestamp', declared on line 5, is not initialized in this constructor nor in its declaration INIT.CSI-4
7:  Field 'book', declared on line 4, is not initialized in this constructor nor in its declaration INIT.CSI-4
11:  No JUnit test method defined for 'TempBook()' JUNIT.TEST-2
11:  Missing Javadoc comment for method 'TempBook()' JAVADOC.PJDM-3
11:  Globally unused "public" constructor TempBook() GLOBAL.UPPM-4
11:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'book' has the same name as a field OOP.HMF-3
11:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
11:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
16:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
16:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
16:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
20:  Setter method 'setTimestamp()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'setTimestamp()' JUNIT.TEST-2
20:  Globally unused "public" method: setTimestamp() GLOBAL.UPPM-4
20:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
20:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
24:  No JUnit test method defined for 'getBook()' JUNIT.TEST-2
24:  The method 'getBook' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Method 'getBook()' should be declared "package-private" CWE.749.DPPM-4
24:  Method 'getBook()' should be declared "package-private" GLOBAL.DPPM-4
24:  Method 'getBook()' should be declared "final" GLOBAL.SPPM-5
24:  Getter method 'getBook()' is not declared "final" OPT.MAF-5
28:  Setter method 'setBook()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'setBook()' JUNIT.TEST-2
28:  Globally unused "public" method: setBook() GLOBAL.UPPM-4
28:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
28:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
28:  Parameter 'book' has the same name as a field OOP.HMF-3
32:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
32:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
32:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
32:  Method 'refreshTimestamp()' should be declared "package-private" CWE.749.DPPM-4
32:  Method 'refreshTimestamp()' should be declared "package-private" GLOBAL.DPPM-4
32:  Method 'refreshTimestamp()' should be declared "final" GLOBAL.SPPM-5
33:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
35:  File should be terminated by a newline character APSC_DV.003215.TNL-3
35:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/Book.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
5:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
5:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Public clone method missing CERT.OBJ05.MUCOP-1
7:  Static creation method missing CERT.OBJ05.MUCOP-1
7:  Copy constructor missing CERT.OBJ05.MUCOP-1
7:  Serializable class 'Book' does not implement readObject() APSC_DV.001460.OROM-2
7:  Public clone method missing CERT.OBJ06.MUCOP-2
7:  Static creation method missing CERT.OBJ06.MUCOP-2
7:  Copy constructor missing CERT.OBJ06.MUCOP-2
7:  'clone()' method is missing CERT.OBJ07.MCNC-2
7:  Public clone method missing CERT.OBJ04.MUCOP-3
7:  Static creation method missing CERT.OBJ04.MUCOP-3
7:  Copy constructor missing CERT.OBJ04.MUCOP-3
7:  Book has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
7:  getter method without an @invariant contract: getISBN() DBC.IGM-3
7:  getter method without an @invariant contract: getGenre() DBC.IGM-3
7:  getter method without an @invariant contract: getPublicationDate() DBC.IGM-3
7:  getter method without an @invariant contract: getDescription() DBC.IGM-3
7:  getter method without an @invariant contract: getAuthors() DBC.IGM-3
7:  getter method without an @invariant contract: getPublisher() DBC.IGM-3
7:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
7:  getter method without an @invariant contract: getProductInfo() DBC.IGM-3
7:  Missing Javadoc comment for 'Book' JAVADOC.PJDC-3
7:  Public clone method missing OOP.MUCOP-3
7:  Static creation method missing OOP.MUCOP-3
7:  Copy constructor missing OOP.MUCOP-3
7:  Book implements Serializable instead of Externalizable SERIAL.EZEE-3
7:  Class 'com.parasoft.bookstore2.Book' should be declared "package-private" GLOBAL.DPPC-4
7:  Class 'com.parasoft.bookstore2.Book' should be declared "final" GLOBAL.SPPC-5
7:  Serializable class 'Book' does not implement readObject() OWASP2017.A8.OROM-5
7:  Serializable class 'Book' does not implement readObject() OWASP2021.A8.OROM-5
7:  Serializable class 'Book' does not implement readObject() SECURITY.EAB.OROM-5
7:  'clone()' method is missing SECURITY.WSC.MCNC-5
7:  Number of Javadoc comments are below thresholds (%): 4.0 METRICS.PJDC-3
7:  interface type 'Serializable' is used MOBILE.AUI-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Inspect field 'isbn' to ensure it will not expose sensitive data CWE.499.SIF-1
12:  Inspect field 'isbn' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
12:  Inspect field 'isbn' to ensure it will not expose sensitive data CERT.SER03.SIF-2
12:  Missing 'getIsbn()' method for field 'isbn' BEAN.NFM-4
12:  Missing 'setIsbn()' method for field 'isbn' BEAN.NFM-4
12:  Field 'isbn' should be declared "private" GLOBAL.DPPF-4
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Inspect field 'genre' to ensure it will not expose sensitive data CWE.499.SIF-1
13:  Inspect field 'genre' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
13:  Inspect field 'genre' to ensure it will not expose sensitive data CERT.SER03.SIF-2
13:  Field 'genre' should be declared "private" GLOBAL.DPPF-4
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Inspect field 'publication_date' to ensure it will not expose sensitive data CWE.499.SIF-1
14:  Inspect field 'publication_date' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
14:  Inspect field 'publication_date' to ensure it will not expose sensitive data CERT.SER03.SIF-2
14:  Missing 'getPublication_date()' method for field 'publication_date' BEAN.NFM-4
14:  Missing 'setPublication_date()' method for field 'publication_date' BEAN.NFM-4
14:  Field 'publication_date' should be declared "private" GLOBAL.DPPF-4
14:  Inspect usage of the 'Date' object 'publication_date' SECURITY.BV.ADT-5
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Inspect field 'description' to ensure it will not expose sensitive data CWE.499.SIF-1
15:  Inspect field 'description' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
15:  Inspect field 'description' to ensure it will not expose sensitive data CERT.SER03.SIF-2
15:  Field 'description' should be declared "private" GLOBAL.DPPF-4
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  Inspect field 'authors' to ensure it will not expose sensitive data CWE.499.SIF-1
16:  Inspect field 'authors' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
16:  Inspect field 'authors' to ensure it will not expose sensitive data CERT.SER03.SIF-2
16:  Field 'authors' should be declared "private" GLOBAL.DPPF-4
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
17:  Inspect field 'publisher' to ensure it will not expose sensitive data CWE.499.SIF-1
17:  Inspect field 'publisher' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
17:  Inspect field 'publisher' to ensure it will not expose sensitive data CERT.SER03.SIF-2
17:  Field 'publisher' should be declared "private" GLOBAL.DPPF-4
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
18:  Inspect field 'timestamp' to ensure it will not expose sensitive data CWE.499.SIF-1
18:  Inspect field 'timestamp' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
18:  Inspect field 'timestamp' to ensure it will not expose sensitive data CERT.SER03.SIF-2
18:  Missing 'setTimestamp()' method for field 'timestamp' BEAN.NFM-4
18:  Field 'timestamp' should be declared "private" GLOBAL.DPPF-4
18:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
19:  Inspect field 'product' to ensure it will not expose sensitive data CWE.499.SIF-1
19:  Inspect field 'product' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
19:  Inspect field 'product' to ensure it will not expose sensitive data CERT.SER03.SIF-2
19:  Missing 'getProduct()' method for field 'product' BEAN.NFM-4
19:  Missing 'setProduct()' method for field 'product' BEAN.NFM-4
19:  Field 'product' should be declared "private" GLOBAL.DPPF-4
21:  No JUnit test method defined for 'Book()' JUNIT.TEST-2
21:  Missing Javadoc comment for method 'Book()' JAVADOC.PJDM-3
21:  Field 'timestamp', declared on line 18, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'product', declared on line 19, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'description', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'isbn', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'publication_date', declared on line 14, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'publisher', declared on line 17, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'genre', declared on line 13, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  Field 'authors', declared on line 16, is not initialized in this constructor nor in its declaration INIT.CSI-4
25:  Constructor 'Book' throws 'ItemNotFoundException' CERT.OBJ11.EPNFC-1
25:  No JUnit test method defined for 'Book()' JUNIT.TEST-2
25:  Constructor 'Book' throws 'ItemNotFoundException' EXCEPT.EPNFC-3
25:  Missing Javadoc comment for method 'Book()' JAVADOC.PJDM-3
25:  Constructor 'Book()' should be declared "package-private" CWE.749.DPPM-4
25:  Constructor 'Book()' should be declared "package-private" GLOBAL.DPPM-4
25:  Field 'timestamp', declared on line 18, is not initialized in this constructor nor in its declaration INIT.CSI-4
25:  'Book ()' contains too many parameters: 7 METRICS.PAR-2
25:  Formal parameter 'isbn' is not declared as final CODSTA.BP.FPF-3
25:  The parameter 'isbn' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
25:  Parameter 'isbn' has the same name as a field OOP.HMF-3
25:  Formal parameter 'genre' is not declared as final CODSTA.BP.FPF-3
25:  The parameter 'genre' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
25:  Parameter 'genre' has the same name as a field OOP.HMF-3
25:  Formal parameter 'year' is not declared as final CODSTA.BP.FPF-3
25:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
25:  Array parameter 'authors' is not cloned before it is stored CWE.496.CAP-1
25:  Array parameter 'authors' is not cloned before it is stored SECURITY.WSC.CAP-1
25:  Formal parameter 'authors' is not declared as final CODSTA.BP.FPF-3
25:  The parameter 'authors' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
25:  Parameter 'authors' has the same name as a field OOP.HMF-3
26:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
26:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
26:  Formal parameter 'publisher' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'publisher' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'publisher' has the same name as a field OOP.HMF-3
26:  Formal parameter 'description' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'description' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'description' has the same name as a field OOP.HMF-3
26:  Formal parameter 'product' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'product' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'product' has the same name as a field OOP.HMF-3
27:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
27:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
27:  Exception 'ItemNotFoundException' is not thrown in the body of method 'Book' GLOBAL.AUT-2
28:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
28:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
32:  This assignment may store the original parameter 'year' rather than a copy of the parameter into the field 'publication_date' CERT.OBJ05.SMO-1
32:  This assignment may store the original parameter 'year' rather than a copy of the parameter into the field 'publication_date' CERT.OBJ06.SMO-2
32:  This assignment may store the original parameter 'year' rather than a copy of the parameter into the field 'publication_date' CERT.OBJ04.SMO-3
32:  This assignment may store the original parameter 'year' rather than a copy of the parameter into the field 'publication_date' SECURITY.EAB.SMO-3
39:  No JUnit test method defined for 'getISBN()' JUNIT.TEST-2
39:  The method 'getISBN' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
39:  Globally unused "public" method: getISBN() GLOBAL.UPPM-4
39:  Getter method 'getISBN()' is not declared "final" OPT.MAF-5
43:  Setter method 'setISBN()' is not declared "final" OPT.MAF-5
43:  No JUnit test method defined for 'setISBN()' JUNIT.TEST-2
43:  Globally unused "public" method: setISBN() GLOBAL.UPPM-4
43:  Formal parameter 'isbn' is not declared as final CODSTA.BP.FPF-3
43:  The parameter 'isbn' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
43:  Parameter 'isbn' has the same name as a field OOP.HMF-3
47:  No JUnit test method defined for 'getGenre()' JUNIT.TEST-2
47:  The method 'getGenre' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
47:  Globally unused "public" method: getGenre() GLOBAL.UPPM-4
47:  Getter method 'getGenre()' is not declared "final" OPT.MAF-5
51:  Setter method 'setGenre()' is not declared "final" OPT.MAF-5
51:  No JUnit test method defined for 'setGenre()' JUNIT.TEST-2
51:  Globally unused "public" method: setGenre() GLOBAL.UPPM-4
51:  Formal parameter 'genre' is not declared as final CODSTA.BP.FPF-3
51:  The parameter 'genre' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
51:  Parameter 'genre' has the same name as a field OOP.HMF-3
55:  No JUnit test method defined for 'getPublicationDate()' JUNIT.TEST-2
55:  The method 'getPublicationDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
55:  Globally unused "public" method: getPublicationDate() GLOBAL.UPPM-4
55:  Getter method 'getPublicationDate()' is not declared "final" OPT.MAF-5
59:  Setter method 'setPublicationDate()' is not declared "final" OPT.MAF-5
59:  No JUnit test method defined for 'setPublicationDate()' JUNIT.TEST-2
59:  Globally unused "public" method: setPublicationDate() GLOBAL.UPPM-4
59:  Formal parameter 'publication_date' is not declared as final CODSTA.BP.FPF-3
59:  The parameter 'publication_date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
59:  Parameter 'publication_date' has the same name as a field OOP.HMF-3
59:  Inspect usage of the 'Date' object 'publication_date' SECURITY.BV.ADT-5
63:  No JUnit test method defined for 'getDescription()' JUNIT.TEST-2
63:  The method 'getDescription' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
63:  Globally unused "public" method: getDescription() GLOBAL.UPPM-4
63:  Getter method 'getDescription()' is not declared "final" OPT.MAF-5
67:  Setter method 'setDescription()' is not declared "final" OPT.MAF-5
67:  No JUnit test method defined for 'setDescription()' JUNIT.TEST-2
67:  Globally unused "public" method: setDescription() GLOBAL.UPPM-4
67:  Formal parameter 'description' is not declared as final CODSTA.BP.FPF-3
67:  The parameter 'description' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
67:  Parameter 'description' has the same name as a field OOP.HMF-3
71:  No JUnit test method defined for 'getAuthors()' JUNIT.TEST-2
71:  The method 'getAuthors' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
71:  Globally unused "public" method: getAuthors() GLOBAL.UPPM-4
71:  Getter method 'getAuthors()' is not declared "final" OPT.MAF-5
72:  Exposing the internal representation of 'Book' through the array 'authors' CWE.375.RA-3
72:  Exposing the internal representation of 'Book' through the array 'authors' CWE.495.RA-3
72:  Exposing the internal representation of 'Book' through the array 'authors' SECURITY.ESD.RA-3
75:  No JUnit test method defined for 'setAuthors()' JUNIT.TEST-2
75:  Globally unused "public" method: setAuthors() GLOBAL.UPPM-4
75:  Setter method 'setAuthors()' is not declared "final" OPT.MAF-5
75:  Array parameter 'authors' is not cloned before it is stored CWE.496.CAP-1
75:  Array parameter 'authors' is not cloned before it is stored SECURITY.WSC.CAP-1
75:  Formal parameter 'authors' is not declared as final CODSTA.BP.FPF-3
75:  The parameter 'authors' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
75:  Parameter 'authors' has the same name as a field OOP.HMF-3
79:  No JUnit test method defined for 'getPublisher()' JUNIT.TEST-2
79:  The method 'getPublisher' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
79:  Globally unused "public" method: getPublisher() GLOBAL.UPPM-4
79:  Getter method 'getPublisher()' is not declared "final" OPT.MAF-5
83:  Setter method 'setPublisher()' is not declared "final" OPT.MAF-5
83:  No JUnit test method defined for 'setPublisher()' JUNIT.TEST-2
83:  Globally unused "public" method: setPublisher() GLOBAL.UPPM-4
83:  Formal parameter 'publisher' is not declared as final CODSTA.BP.FPF-3
83:  The parameter 'publisher' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
83:  Parameter 'publisher' has the same name as a field OOP.HMF-3
87:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
87:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
87:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
91:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
91:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
91:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
91:  Globally unused "public" method: refreshTimestamp() GLOBAL.UPPM-4
92:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
95:  No JUnit test method defined for 'getProductInfo()' JUNIT.TEST-2
95:  The method 'getProductInfo' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
95:  Missing Javadoc comment for method 'getProductInfo()' JAVADOC.PJDM-3
95:  Method 'getProductInfo()' should be declared "package-private" CWE.749.DPPM-4
95:  Method 'getProductInfo()' should be declared "package-private" GLOBAL.DPPM-4
95:  Method 'getProductInfo()' should be declared "final" GLOBAL.SPPM-5
95:  Getter method 'getProductInfo()' is not declared "final" OPT.MAF-5
99:  Setter method 'setProductInfo()' is not declared "final" OPT.MAF-5
99:  No JUnit test method defined for 'setProductInfo()' JUNIT.TEST-2
99:  Missing Javadoc comment for method 'setProductInfo()' JAVADOC.PJDM-3
99:  Globally unused "public" method: setProductInfo() GLOBAL.UPPM-4
99:  Formal parameter 'product' is not declared as final CODSTA.BP.FPF-3
99:  The parameter 'product' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
99:  Parameter 'product' has the same name as a field OOP.HMF-3
103:  No JUnit test method defined for 'inflatePrice()' JUNIT.TEST-2
103:  Missing Javadoc comment for method 'inflatePrice()' JAVADOC.PJDM-3
103:  Globally unused "public" method: inflatePrice() GLOBAL.UPPM-4
103:  Formal parameter 'bigDecimal' is not declared as final CODSTA.BP.FPF-3
106:  File should be terminated by a newline character APSC_DV.003215.TNL-3
106:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/BookStoreDB.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.sql.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.sql.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
8:  "import java.util.Enumeration" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
8:  "import java.util.Enumeration" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
12:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
12:  Use 2 blank lines before type declaration FORMAT.BLCD-3
12:  Public clone method missing CERT.OBJ05.MUCOP-1
12:  Static creation method missing CERT.OBJ05.MUCOP-1
12:  Copy constructor missing CERT.OBJ05.MUCOP-1
12:  Public clone method missing CERT.OBJ06.MUCOP-2
12:  Static creation method missing CERT.OBJ06.MUCOP-2
12:  Copy constructor missing CERT.OBJ06.MUCOP-2
12:  'clone()' method is missing CERT.OBJ07.MCNC-2
12:  Public clone method missing CERT.OBJ04.MUCOP-3
12:  Static creation method missing CERT.OBJ04.MUCOP-3
12:  Copy constructor missing CERT.OBJ04.MUCOP-3
12:  Missing Javadoc comment for 'BookStoreDB' JAVADOC.PJDC-3
12:  Name of singleton class 'BookStoreDB' does not match user-specified regular expression '^.+Singleton$' NAMING.SINGLETON-3
12:  Public clone method missing OOP.MUCOP-3
12:  Static creation method missing OOP.MUCOP-3
12:  Copy constructor missing OOP.MUCOP-3
12:  Globally unused "public" class: com.parasoft.bookstore2.BookStoreDB GLOBAL.UPPC-4
12:  This class is not declared as "final" although it has only "private" constructors CODSTA.BP.PCF-3
12:  'BookStoreDB' contains too many fields: 17 METRICS.NOFT-4
12:  Number of Javadoc comments are below thresholds (%): 5.0 METRICS.PJDC-3
12:  'readObject()' method is missing SECURITY.WSC.DSER-5
12:  'writeObject()' method is missing CWE.499.SER-5
12:  'clone()' method is missing SECURITY.WSC.MCNC-5
12:  'writeObject()' method is missing SECURITY.WSC.SER-5
13:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
13:  Variable 'MAX_BOOKS_TO_ADD' does not end with 'int' NAMING.UHN-4
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  There is not 1 space after 'NL_TABLE_BOOK' APSC_DV.003215.SAOP-3
14:  There is not 1 space after 'NL_TABLE_BOOK' FORMAT.SAOP-3
14:  Non internationalized string: "book" INTER.ITT-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  There is not 1 space after 'NL_TABLE_AUTHOR' APSC_DV.003215.SAOP-3
15:  There is not 1 space after 'NL_TABLE_AUTHOR' FORMAT.SAOP-3
15:  Non internationalized string: "author" INTER.ITT-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  Non internationalized string: "publisher" INTER.ITT-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
18:  There is not 1 space after 'NL_ID' APSC_DV.003215.SAOP-3
18:  There is not 1 space after 'NL_ID' FORMAT.SAOP-3
18:  Non internationalized string: "id" INTER.ITT-3
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
19:  There is not 1 space after 'NL_ISBN' APSC_DV.003215.SAOP-3
19:  There is not 1 space after 'NL_ISBN' FORMAT.SAOP-3
19:  Non internationalized string: "isbn" INTER.ITT-3
19:  Misspelled word 'isbn' JAVADOC.SPELL-3
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
20:  There is not 1 space after 'NL_GENRE' APSC_DV.003215.SAOP-3
20:  There is not 1 space after 'NL_GENRE' FORMAT.SAOP-3
20:  Non internationalized string: "genre" INTER.ITT-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
21:  There is not 1 space after 'NL_TITLE' APSC_DV.003215.SAOP-3
21:  There is not 1 space after 'NL_TITLE' FORMAT.SAOP-3
21:  Non internationalized string: "title" INTER.ITT-3
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
22:  There is not 1 space after 'NL_YEAR' APSC_DV.003215.SAOP-3
22:  There is not 1 space after 'NL_YEAR' FORMAT.SAOP-3
22:  Non internationalized string: "year" INTER.ITT-3
23:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
23:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
23:  There is not 1 space after 'NL_NAME' APSC_DV.003215.SAOP-3
23:  There is not 1 space after 'NL_NAME' FORMAT.SAOP-3
23:  Non internationalized string: "name" INTER.ITT-3
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
24:  Non internationalized string: "description" INTER.ITT-3
25:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
25:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
25:  There is not 1 space after 'NL_PRICE' APSC_DV.003215.SAOP-3
25:  There is not 1 space after 'NL_PRICE' FORMAT.SAOP-3
25:  Non internationalized string: "price" INTER.ITT-3
26:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
26:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
26:  There is not 1 space after 'NL_STOCK' APSC_DV.003215.SAOP-3
26:  There is not 1 space after 'NL_STOCK' FORMAT.SAOP-3
26:  Non internationalized string: "stock" INTER.ITT-3
28:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
28:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
28:  Non internationalized string: "PN" INTER.ITT-3
29:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
29:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
29:  Non internationalized string: "AN" INTER.ITT-3
33:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
33:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
33:  Found "static" variable of type "Map" or "Collection": 'addedBooks' GC.STV-3
33:  "static" field 'addedBooks' not initialized INIT.SF-3
35:  Constructor 'BookStoreDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' CERT.OBJ11.EPNFC-1
35:  Constructor 'BookStoreDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' EXCEPT.EPNFC-3
36:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
36:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
40:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
40:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
44:  No JUnit test method defined for 'getDBInstance()' JUNIT.TEST-2
44:  Elements in 'BookStoreDB' not ordered appropriately, first violation: method 'getDBInstance' at line 44 should be placed before constructor 'BookStoreDB' at line 35 CODSTA.ORG.FO-3
44:  The method 'getDBInstance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
44:  Missing Javadoc comment for method 'getDBInstance()' JAVADOC.PJDM-3
44:  The class 'BookStoreDB' is a singleton, but the method 'getDBInstance()' to get the singleton instance is not "synchronized" OOP.SNGL-3
44:  Method 'getDBInstance()' should be declared "private" CWE.749.DPPM-4
44:  Method 'getDBInstance()' should be declared "private" GLOBAL.DPPM-4
45:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
45:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
49:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
49:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
50:  Lazy initialization is not thread-safe: db CERT.MSC07.ILI-3
50:  Lazy initialization is not thread-safe: db CWE.543.ILI-3
50:  Lazy initialization is not thread-safe: db TRS.ILI-3
50:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
50:  Parenthesis not followed by 1 space FORMAT.SAP-3
51:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CERT.LCK05.IASF-3
51:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CWE.543.IASF-3
51:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization TRS.IASF-3
52:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
52:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
52:  Parenthesis not followed by 1 space FORMAT.SAP-3
54:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
62:  No JUnit test method defined for 'getByTitleLike()' JUNIT.TEST-2
62:  The '@post'/'@return' tag(s) for the method 'getByTitleLike' do not properly describe whether or not the method can return null JAVADOC.CRN-3
62:  Missing Javadoc tag '@since' for method 'getByTitleLike()' JAVADOC.ECTM-3
62:  Method 'getByTitleLike' is missing '@throws java.sql.SQLException' in Javadoc comment JAVADOC.THROW-3
62:  Method 'getByTitleLike' is missing '@throws java.lang.InstantiationException' in Javadoc comment JAVADOC.THROW-3
62:  Method 'getByTitleLike' is missing '@throws java.lang.IllegalAccessException' in Javadoc comment JAVADOC.THROW-3
62:  Method 'getByTitleLike' is missing '@throws java.lang.ClassNotFoundException' in Javadoc comment JAVADOC.THROW-3
62:  Method 'getByTitleLike' is missing '@throws com.parasoft.bookstore2.ItemNotFoundException' in Javadoc comment JAVADOC.THROW-3
62:  Globally unused "public" method: getByTitleLike() GLOBAL.UPPM-4
62:  Method 'getByTitleLike' is missing '@throws java.sql.SQLException' in Javadoc comment OWASP2019.API9.THROW-5
62:  Method 'getByTitleLike' is missing '@throws java.lang.InstantiationException' in Javadoc comment OWASP2019.API9.THROW-5
62:  Method 'getByTitleLike' is missing '@throws java.lang.IllegalAccessException' in Javadoc comment OWASP2019.API9.THROW-5
62:  Method 'getByTitleLike' is missing '@throws java.lang.ClassNotFoundException' in Javadoc comment OWASP2019.API9.THROW-5
62:  Method 'getByTitleLike' is missing '@throws com.parasoft.bookstore2.ItemNotFoundException' in Javadoc comment OWASP2019.API9.THROW-5
62:  "public" method without a '@post' contract: getByTitleLike () DBC.PUBMPOST-3
62:  "public" method without a '@pre' contract: getByTitleLike DBC.PUBMPRE-3
62:  'getByTitleLike ()' contains too many 'statements': 58 METRICS.NSTMT-3
62:  Method 'getByTitleLike()' contains too many lines: 116.0 METRICS.TNLM-2
62:  'getByTitleLike ()' contains too many method calls: 43 METRICS.TNMC-2
62:  Formal parameter 'titlePart' is not declared as final CODSTA.BP.FPF-3
63:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
63:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
68:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
68:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
69:  The declaration of the local variable 'query' is not followed by a comment CODSTA.READ.CLV-5
69:  Concatenating strings INTER.COS-5
69:  Concatenating strings CERT.STR00.COS-3
69:  Non internationalized string: "SELECT DISTINCT " INTER.ITT-3
69:  The String literal "SELECT DISTINCT " is used SECURITY.WSC.SL-3
70:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
70:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
70:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
70:  Single character '.' using double quotes in string concatenation OPT.STR-3
70:  The String literal "." is used SECURITY.WSC.SL-3
70:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
70:  Single character ',' using double quotes in string concatenation OPT.STR-3
70:  The String literal "," is used SECURITY.WSC.SL-3
71:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
71:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
71:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
71:  Single character '.' using double quotes in string concatenation OPT.STR-3
71:  The String literal "." is used SECURITY.WSC.SL-3
71:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
71:  Single character ',' using double quotes in string concatenation OPT.STR-3
71:  The String literal "," is used SECURITY.WSC.SL-3
72:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
72:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
72:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
72:  Single character '.' using double quotes in string concatenation OPT.STR-3
72:  The String literal "." is used SECURITY.WSC.SL-3
72:  field 'NL_TITLE' is used multiple times MOBILE.ACFM-3
72:  Single character ',' using double quotes in string concatenation OPT.STR-3
72:  The String literal "," is used SECURITY.WSC.SL-3
73:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
73:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
73:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
73:  Single character '.' using double quotes in string concatenation OPT.STR-3
73:  The String literal "." is used SECURITY.WSC.SL-3
73:  The String literal "," is used SECURITY.WSC.SL-3
73:  Single character ',' using double quotes in string concatenation OPT.STR-3
74:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
74:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
74:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
74:  Single character '.' using double quotes in string concatenation OPT.STR-3
74:  The String literal "." is used SECURITY.WSC.SL-3
74:  The String literal "," is used SECURITY.WSC.SL-3
74:  Single character ',' using double quotes in string concatenation OPT.STR-3
75:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
75:  Line is longer than 80 characters: 83 FORMAT.LL-3
75:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
75:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
75:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
75:  Single character '.' using double quotes in string concatenation OPT.STR-3
75:  The String literal "." is used SECURITY.WSC.SL-3
75:  The String literal " as " is used SECURITY.WSC.SL-3
75:  Non internationalized string: " as " INTER.ITT-3
75:  Single character ',' using double quotes in string concatenation OPT.STR-3
75:  The String literal "," is used SECURITY.WSC.SL-3
76:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
76:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
76:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
76:  Single character '.' using double quotes in string concatenation OPT.STR-3
76:  The String literal "." is used SECURITY.WSC.SL-3
76:  The String literal "," is used SECURITY.WSC.SL-3
76:  Single character ',' using double quotes in string concatenation OPT.STR-3
77:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
77:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
77:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
77:  Single character '.' using double quotes in string concatenation OPT.STR-3
77:  The String literal "." is used SECURITY.WSC.SL-3
77:  The String literal "," is used SECURITY.WSC.SL-3
77:  Single character ',' using double quotes in string concatenation OPT.STR-3
78:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
78:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
78:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
78:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
78:  Single character '.' using double quotes in string concatenation OPT.STR-3
78:  The String literal "." is used SECURITY.WSC.SL-3
79:  The String literal " FROM " is used SECURITY.WSC.SL-3
79:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
79:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
79:  Non internationalized string: " FROM " INTER.ITT-3
80:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
80:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
80:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
80:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
80:  Single character ',' using double quotes in string concatenation OPT.STR-3
80:  The String literal "," is used SECURITY.WSC.SL-3
81:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
81:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
81:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
81:  Single character ',' using double quotes in string concatenation OPT.STR-3
81:  The String literal "," is used SECURITY.WSC.SL-3
82:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
82:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
82:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
83:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
83:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
83:  Non internationalized string: " WHERE " INTER.ITT-3
83:  The String literal " WHERE " is used SECURITY.WSC.SL-3
84:  The String literal "LCASE(" is used SECURITY.WSC.SL-3
84:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
84:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
84:  Non internationalized string: "LCASE(" INTER.ITT-3
84:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
84:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
84:  Single character '.' using double quotes in string concatenation OPT.STR-3
84:  The String literal "." is used SECURITY.WSC.SL-3
84:  field 'NL_TITLE' is used multiple times MOBILE.ACFM-3
84:  Single character ')' using double quotes in string concatenation OPT.STR-3
84:  The String literal ")" is used SECURITY.WSC.SL-3
84:  The String literal " LIKE ? AND " is used SECURITY.WSC.SL-3
84:  Non internationalized string: " LIKE ? AND " INTER.ITT-3
85:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
85:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
85:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
85:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
85:  Single character '.' using double quotes in string concatenation OPT.STR-3
85:  The String literal "." is used SECURITY.WSC.SL-3
85:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
85:  The String literal " = " is used SECURITY.WSC.SL-3
86:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
86:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
86:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
86:  Single character '.' using double quotes in string concatenation OPT.STR-3
86:  The String literal "." is used SECURITY.WSC.SL-3
86:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
86:  Non internationalized string: " AND " INTER.ITT-3
86:  The String literal " AND " is used SECURITY.WSC.SL-3
87:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
87:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
87:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
87:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
87:  Non internationalized string: ".publisher_id = " INTER.ITT-3
87:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
88:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
88:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
88:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
88:  Single character '.' using double quotes in string concatenation OPT.STR-3
88:  The String literal "." is used SECURITY.WSC.SL-3
88:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
90:  The local variable 'db' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
90:  Local variable 'db' has the same name as a field OOP.HMF-3
90:  The declaration of the local variable 'db' is not followed by a comment CODSTA.READ.CLV-5
91:  interface type 'PreparedStatement' is used MOBILE.AUI-3
91:  JDBC resource 'stmt' is not closed in a "finally" block JDBC.RRWD-1
91:  The declaration of the local variable 'stmt' is not followed by a comment CODSTA.READ.CLV-5
92:  Line is longer than 80 characters: 87 APSC_DV.003215.LL-3
92:  Line is longer than 80 characters: 87 FORMAT.LL-3
92:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
92:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
93:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
93:  Line is longer than 80 characters: 81 FORMAT.LL-3
93:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
93:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
94:  Concatenating strings CERT.STR00.COS-3
94:  Single character '%' using double quotes in string concatenation OPT.STR-3
94:  Concatenating strings INTER.COS-5
94:  The String literal "%" is used SECURITY.WSC.SL-3
94:  The 'toLowerCase' method is called without the java.util.Locale parameter CERT.STR02.CCL-2
94:  Parameter 'titlePart' dereferenced before being checked for null DBC.IPAN-3
94:  The 'toLowerCase' method is called without the java.util.Locale parameter INTER.CCL-3
94:  Single character '%' using double quotes in string concatenation OPT.STR-3
94:  The String literal "%" is used SECURITY.WSC.SL-3
95:  interface type 'ResultSet' is used MOBILE.AUI-3
95:  JDBC resource 'rs' is not closed in a "finally" block JDBC.RRWD-1
95:  Variable 'rs' is not declared at the beginning of the block CODSTA.READ.PDBB-4
95:  The declaration of the local variable 'rs' is not followed by a comment CODSTA.READ.CLV-5
 +  96:  Duplicated code: "boolean hasNext = rs.first(); Vect ..." CDD.DUPC-3
96:  Variable 'hasNext' does not end with 'boolean' NAMING.UHN-4
96:  The declaration of the local variable 'hasNext' is not followed by a comment CODSTA.READ.CLV-5
96:  Variable 'hasNext' is not declared at the beginning of the block CODSTA.READ.PDBB-4
97:  Variable 'books' is not declared at the beginning of the block CODSTA.READ.PDBB-4
97:  The declaration of the local variable 'books' is not followed by a comment CODSTA.READ.CLV-5
97:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
97:  Initial container capacity is not specified OPT.DIC-3
99:  Variable 'query2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
99:  The declaration of the local variable 'query2' is not followed by a comment CODSTA.READ.CLV-5
99:  Concatenating strings INTER.COS-5
99:  Concatenating strings CERT.STR00.COS-3
99:  Non internationalized string: "SELECT " INTER.ITT-3
99:  The String literal "SELECT " is used SECURITY.WSC.SL-3
100:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
100:  Single character '.' using double quotes in string concatenation OPT.STR-3
100:  The String literal "." is used SECURITY.WSC.SL-3
100:  The String literal " as " is used SECURITY.WSC.SL-3
100:  Non internationalized string: " as " INTER.ITT-3
101:  Non internationalized string: " FROM " INTER.ITT-3
101:  The String literal " FROM " is used SECURITY.WSC.SL-3
102:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
102:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
102:  Single character ',' using double quotes in string concatenation OPT.STR-3
102:  The String literal "," is used SECURITY.WSC.SL-3
103:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
103:  Single character ',' using double quotes in string concatenation OPT.STR-3
103:  The String literal "," is used SECURITY.WSC.SL-3
104:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
105:  Non internationalized string: " WHERE " INTER.ITT-3
105:  The String literal " WHERE " is used SECURITY.WSC.SL-3
106:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
106:  Line is longer than 80 characters: 82 FORMAT.LL-3
106:  Non internationalized string: "LCASE(" INTER.ITT-3
106:  The String literal "LCASE(" is used SECURITY.WSC.SL-3
106:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
106:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
106:  Single character '.' using double quotes in string concatenation OPT.STR-3
106:  The String literal "." is used SECURITY.WSC.SL-3
106:  field 'NL_TITLE' is used multiple times MOBILE.ACFM-3
106:  Single character ')' using double quotes in string concatenation OPT.STR-3
106:  The String literal ")" is used SECURITY.WSC.SL-3
106:  The String literal " LIKE ? AND " is used SECURITY.WSC.SL-3
106:  Non internationalized string: " LIKE ? AND " INTER.ITT-3
107:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
107:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
107:  Single character '.' using double quotes in string concatenation OPT.STR-3
107:  The String literal "." is used SECURITY.WSC.SL-3
107:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
107:  The String literal " = " is used SECURITY.WSC.SL-3
108:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
108:  Single character '.' using double quotes in string concatenation OPT.STR-3
108:  The String literal "." is used SECURITY.WSC.SL-3
108:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
108:  Non internationalized string: " AND " INTER.ITT-3
108:  The String literal " AND " is used SECURITY.WSC.SL-3
109:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
109:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
109:  Non internationalized string: ".publisher_id = " INTER.ITT-3
109:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
110:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
110:  Single character '.' using double quotes in string concatenation OPT.STR-3
110:  The String literal "." is used SECURITY.WSC.SL-3
110:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
110:  Non internationalized string: " AND " INTER.ITT-3
110:  The String literal " AND " is used SECURITY.WSC.SL-3
111:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
111:  Single character '.' using double quotes in string concatenation OPT.STR-3
111:  The String literal "." is used SECURITY.WSC.SL-3
111:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
111:  The String literal " = ?" is used SECURITY.WSC.SL-3
112:  Consider using a "for" loop here CODSTA.READ.PFL-5
112:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
112:  Parenthesis not followed by 1 space FORMAT.SAP-3
113:  Local constant not declared "final": id CODSTA.READ.FLV-3
113:  Variable 'id' does not end with 'int' NAMING.UHN-4
113:  The declaration of the local variable 'id' is not followed by a comment CODSTA.READ.CLV-5
113:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
114:  The declaration of the local variable 'isbn' is not followed by a comment CODSTA.READ.CLV-5
114:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
115:  The declaration of the local variable 'genre' is not followed by a comment CODSTA.READ.CLV-5
115:  field 'NL_GENRE' is used multiple times MOBILE.ACFM-3
116:  The declaration of the local variable 'title' is not followed by a comment CODSTA.READ.CLV-5
116:  field 'NL_TITLE' is used multiple times MOBILE.ACFM-3
117:  The declaration of the local variable 'year' is not followed by a comment CODSTA.READ.CLV-5
117:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
117:  field 'NL_YEAR' is used multiple times MOBILE.ACFM-3
118:  The declaration of the local variable 'publisher' is not followed by a comment CODSTA.READ.CLV-5
118:  field 'NL_PUBLISHER_NAME' is used multiple times MOBILE.ACFM-3
119:  The declaration of the local variable 'description' is not followed by a comment CODSTA.READ.CLV-5
119:  field 'NL_DESCRIPTION' is used multiple times MOBILE.ACFM-3
120:  The declaration of the local variable 'amount' is not followed by a comment CODSTA.READ.CLV-5
120:  field 'NL_PRICE' is used multiple times MOBILE.ACFM-3
121:  Local constant not declared "final": stock CODSTA.READ.FLV-3
121:  Variable 'stock' does not end with 'int' NAMING.UHN-4
121:  The declaration of the local variable 'stock' is not followed by a comment CODSTA.READ.CLV-5
121:  field 'NL_STOCK' is used multiple times MOBILE.ACFM-3
123:  interface type 'PreparedStatement' is used MOBILE.AUI-3
123:  JDBC resource 'stmt2' is not closed in a "finally" block JDBC.RRWD-1
123:  The declaration of the local variable 'stmt2' is not followed by a comment CODSTA.READ.CLV-5
124:  Line is longer than 80 characters: 92 APSC_DV.003215.LL-3
124:  Line is longer than 80 characters: 92 FORMAT.LL-3
124:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
124:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
124:  field 'TYPE_SCROLL_INSENSITIVE' is used multiple times MOBILE.ACFM-3
125:  Line is longer than 80 characters: 87 APSC_DV.003215.LL-3
125:  Line is longer than 80 characters: 87 FORMAT.LL-3
125:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
125:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
125:  field 'CONCUR_UPDATABLE' is used multiple times MOBILE.ACFM-3
 +  126:  Duplicated code: "stmt2.setString(1, "%" + titlePart.toLowe ..." CDD.DUPC-3
126:  Concatenating strings CERT.STR00.COS-3
126:  Single character '%' using double quotes in string concatenation OPT.STR-3
126:  Concatenating strings INTER.COS-5
126:  The String literal "%" is used SECURITY.WSC.SL-3
126:  The 'toLowerCase' method is called without the java.util.Locale parameter CERT.STR02.CCL-2
126:  The 'toLowerCase' method is called without the java.util.Locale parameter INTER.CCL-3
126:  Single character '%' using double quotes in string concatenation OPT.STR-3
126:  The String literal "%" is used SECURITY.WSC.SL-3
 +  127:  The "getString()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  127:  The "getString()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  127:  The "getString()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
128:  interface type 'ResultSet' is used MOBILE.AUI-3
128:  JDBC resource 'rs2' is not closed in a "finally" block JDBC.RRWD-1
128:  Variable 'rs2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
128:  The declaration of the local variable 'rs2' is not followed by a comment CODSTA.READ.CLV-5
129:  Variable 'hasMore' does not end with 'boolean' NAMING.UHN-4
129:  The declaration of the local variable 'hasMore' is not followed by a comment CODSTA.READ.CLV-5
129:  Variable 'hasMore' is not declared at the beginning of the block CODSTA.READ.PDBB-4
130:  Variable 'authors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
130:  The declaration of the local variable 'authors' is not followed by a comment CODSTA.READ.CLV-5
130:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
130:  Initial container capacity is not specified OPT.DIC-3
132:  Consider using a "for" loop here CODSTA.READ.PFL-5
132:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
132:  Parenthesis not followed by 1 space FORMAT.SAP-3
133:  The declaration of the local variable 'author' is not followed by a comment CODSTA.READ.CLV-5
133:  field 'NL_AUTHOR_NAME' is used multiple times MOBILE.ACFM-3
134:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
136:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
138:  Place the [] after the array type, not after the variable: arrayOfAuthors APSC_DV.003215.IAD-3
138:  Place the [] after the array type, not after the variable: arrayOfAuthors FORMAT.IAD-3
138:  Variable 'arrayOfAuthors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
138:  The declaration of the local variable 'arrayOfAuthors' is not followed by a comment CODSTA.READ.CLV-5
138:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
138:  Calling synchronized method 'size' inside of a loop OPT.SYN-3
140:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
140:  Parenthesis not followed by 1 space FORMAT.SAP-3
140:  Variable 'i' does not end with 'int' NAMING.UHN-4
140:  'arrayOfAuthors.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
140:  field 'length' is used multiple times MOBILE.ACFM-3
140:  Non-local variable 'length' used inside loop body OPT.USV-4
141:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
142:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
144:  Variable 'product' is not declared at the beginning of the block CODSTA.READ.PDBB-4
144:  The declaration of the local variable 'product' is not followed by a comment CODSTA.READ.CLV-5
145:  Line is longer than 80 characters: 101 APSC_DV.003215.LL-3
145:  Line is longer than 80 characters: 101 FORMAT.LL-3
145:  Variable 'book' is not declared at the beginning of the block CODSTA.READ.PDBB-4
145:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
146:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
148:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
150:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
150:  Parenthesis not followed by 1 space FORMAT.SAP-3
151:  interface type 'Enumeration' is used MOBILE.AUI-3
151:  The declaration of the local variable 'enum_var' is not followed by a comment CODSTA.READ.CLV-5
152:  Consider using a "for" loop here CODSTA.READ.PFL-5
152:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
152:  Parenthesis not followed by 1 space FORMAT.SAP-3
153:  Variable name 'b' is not of type "byte" NAMING.CVN-4
153:  The length of the identifier "b" is less than the minimum length (2) NAMING.LLI-4
154:  Line is longer than 80 characters: 136 APSC_DV.003215.LL-3
154:  Line is longer than 80 characters: 136 FORMAT.LL-3
154:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
154:  Parenthesis not followed by 1 space FORMAT.SAP-3
154:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
154:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
154:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
154:  Missing '()' to separate complex expression FORMAT.APAREN-3
154:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
154:  The return value of 'getName()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
154:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
154:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
154:  Missing '()' to separate complex expression FORMAT.APAREN-3
155:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
156:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
157:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
158:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
160:  Place the [] after the array type, not after the variable: arrayOfBooks APSC_DV.003215.IAD-3
160:  Place the [] after the array type, not after the variable: arrayOfBooks FORMAT.IAD-3
160:  Variable 'arrayOfBooks' is not declared at the beginning of the block CODSTA.READ.PDBB-4
160:  The declaration of the local variable 'arrayOfBooks' is not followed by a comment CODSTA.READ.CLV-5
160:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
162:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
162:  Parenthesis not followed by 1 space FORMAT.SAP-3
162:  Variable 'i' does not end with 'int' NAMING.UHN-4
162:  'arrayOfBooks.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
162:  field 'length' is used multiple times MOBILE.ACFM-3
163:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
164:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
168:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
168:  Parenthesis not followed by 1 space FORMAT.SAP-3
169:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
169:  Line is longer than 80 characters: 81 FORMAT.LL-3
169:  Concatenating strings CERT.STR00.COS-3
169:  Concatenating strings INTER.COS-5
169:  The String literal "no books with titles containing '" is used SECURITY.WSC.SL-3
170:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
170:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
170:  The String literal "' were found" is used SECURITY.WSC.SL-3
171:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
175:  No JUnit test method defined for 'getById()' JUNIT.TEST-2
175:  The method 'getById' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
175:  Missing Javadoc comment for method 'getById()' JAVADOC.PJDM-3
175:  Globally unused "public" method: getById() GLOBAL.UPPM-4
175:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
175:  Variable 'id' does not end with 'int' NAMING.UHN-4
176:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
176:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
181:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
181:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
182:  The local variable 'db' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
182:  Local variable 'db' has the same name as a field OOP.HMF-3
182:  The declaration of the local variable 'db' is not followed by a comment CODSTA.READ.CLV-5
183:  The declaration of the local variable 'query' is not followed by a comment CODSTA.READ.CLV-5
183:  Concatenating strings INTER.COS-5
183:  Concatenating strings CERT.STR00.COS-3
183:  Non internationalized string: "SELECT " INTER.ITT-3
183:  The String literal "SELECT " is used SECURITY.WSC.SL-3
183:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
183:  Single character '.' using double quotes in string concatenation OPT.STR-3
183:  The String literal "." is used SECURITY.WSC.SL-3
183:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
183:  Single character ',' using double quotes in string concatenation OPT.STR-3
183:  The String literal "," is used SECURITY.WSC.SL-3
184:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
184:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
184:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
184:  Single character '.' using double quotes in string concatenation OPT.STR-3
184:  The String literal "." is used SECURITY.WSC.SL-3
184:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
184:  Single character ',' using double quotes in string concatenation OPT.STR-3
184:  The String literal "," is used SECURITY.WSC.SL-3
185:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
185:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
185:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
185:  Single character '.' using double quotes in string concatenation OPT.STR-3
185:  The String literal "." is used SECURITY.WSC.SL-3
185:  The String literal "," is used SECURITY.WSC.SL-3
185:  Single character ',' using double quotes in string concatenation OPT.STR-3
186:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
186:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
186:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
186:  Single character '.' using double quotes in string concatenation OPT.STR-3
186:  The String literal "." is used SECURITY.WSC.SL-3
186:  The String literal "," is used SECURITY.WSC.SL-3
186:  Single character ',' using double quotes in string concatenation OPT.STR-3
187:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
187:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
187:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
187:  Single character '.' using double quotes in string concatenation OPT.STR-3
187:  The String literal "." is used SECURITY.WSC.SL-3
187:  The String literal "," is used SECURITY.WSC.SL-3
187:  Single character ',' using double quotes in string concatenation OPT.STR-3
188:  Line is longer than 80 characters: 106 APSC_DV.003215.LL-3
188:  Line is longer than 80 characters: 106 FORMAT.LL-3
188:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
188:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
188:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
188:  Single character '.' using double quotes in string concatenation OPT.STR-3
188:  The String literal "." is used SECURITY.WSC.SL-3
188:  The String literal " as " is used SECURITY.WSC.SL-3
188:  Non internationalized string: " as " INTER.ITT-3
188:  Single character ',' using double quotes in string concatenation OPT.STR-3
188:  The String literal "," is used SECURITY.WSC.SL-3
189:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
189:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
189:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
189:  Single character '.' using double quotes in string concatenation OPT.STR-3
189:  The String literal "." is used SECURITY.WSC.SL-3
189:  The String literal "," is used SECURITY.WSC.SL-3
189:  Single character ',' using double quotes in string concatenation OPT.STR-3
190:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
190:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
190:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
190:  Single character '.' using double quotes in string concatenation OPT.STR-3
190:  The String literal "." is used SECURITY.WSC.SL-3
190:  The String literal "," is used SECURITY.WSC.SL-3
190:  Single character ',' using double quotes in string concatenation OPT.STR-3
191:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
191:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
191:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
191:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
191:  Single character '.' using double quotes in string concatenation OPT.STR-3
191:  The String literal "." is used SECURITY.WSC.SL-3
192:  The String literal " FROM " is used SECURITY.WSC.SL-3
192:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
192:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
192:  Non internationalized string: " FROM " INTER.ITT-3
192:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
192:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
192:  Single character ',' using double quotes in string concatenation OPT.STR-3
192:  The String literal "," is used SECURITY.WSC.SL-3
193:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
193:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
193:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
193:  Single character ',' using double quotes in string concatenation OPT.STR-3
193:  The String literal "," is used SECURITY.WSC.SL-3
194:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
194:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
194:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
195:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
195:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
195:  Non internationalized string: " WHERE " INTER.ITT-3
195:  The String literal " WHERE " is used SECURITY.WSC.SL-3
195:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
195:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
195:  Single character '.' using double quotes in string concatenation OPT.STR-3
195:  The String literal "." is used SECURITY.WSC.SL-3
195:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
195:  Non internationalized string: " = ? AND " INTER.ITT-3
195:  The String literal " = ? AND " is used SECURITY.WSC.SL-3
196:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
196:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
196:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
196:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
196:  Single character '.' using double quotes in string concatenation OPT.STR-3
196:  The String literal "." is used SECURITY.WSC.SL-3
196:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
196:  The String literal " = " is used SECURITY.WSC.SL-3
197:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
197:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
197:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
197:  Single character '.' using double quotes in string concatenation OPT.STR-3
197:  The String literal "." is used SECURITY.WSC.SL-3
197:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
197:  Non internationalized string: " AND " INTER.ITT-3
197:  The String literal " AND " is used SECURITY.WSC.SL-3
198:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
198:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
198:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
198:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
198:  Non internationalized string: ".publisher_id = " INTER.ITT-3
198:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
199:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
199:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
199:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
199:  Single character '.' using double quotes in string concatenation OPT.STR-3
199:  The String literal "." is used SECURITY.WSC.SL-3
199:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
200:  interface type 'PreparedStatement' is used MOBILE.AUI-3
200:  JDBC resource 'stmt' is not closed in a "finally" block JDBC.RRWD-1
200:  The declaration of the local variable 'stmt' is not followed by a comment CODSTA.READ.CLV-5
201:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
201:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
202:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
202:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
204:  interface type 'ResultSet' is used MOBILE.AUI-3
204:  JDBC resource 'rs' is not closed in a "finally" block JDBC.RRWD-1
204:  Variable 'rs' is not declared at the beginning of the block CODSTA.READ.PDBB-4
204:  The declaration of the local variable 'rs' is not followed by a comment CODSTA.READ.CLV-5
205:  Variable 'exists' does not end with 'boolean' NAMING.UHN-4
205:  The declaration of the local variable 'exists' is not followed by a comment CODSTA.READ.CLV-5
205:  Local constant not declared "final": exists CODSTA.READ.FLV-3
205:  Variable 'exists' is not declared at the beginning of the block CODSTA.READ.PDBB-4
206:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
206:  Parenthesis not followed by 1 space FORMAT.SAP-3
207:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
207:  Parenthesis not followed by 1 space FORMAT.SAP-3
208:  interface type 'Enumeration' is used MOBILE.AUI-3
208:  The declaration of the local variable 'enum_var' is not followed by a comment CODSTA.READ.CLV-5
209:  Consider using a "for" loop here CODSTA.READ.PFL-5
209:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
209:  Parenthesis not followed by 1 space FORMAT.SAP-3
210:  Variable name 'b' is not of type "byte" NAMING.CVN-4
210:  The length of the identifier "b" is less than the minimum length (2) NAMING.LLI-4
211:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
211:  Parenthesis not followed by 1 space FORMAT.SAP-3
211:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
211:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
214:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
215:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
216:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
217:  Concatenating strings CERT.STR00.COS-3
217:  Concatenating strings INTER.COS-5
217:  The String literal "no book with the id " is used SECURITY.WSC.SL-3
217:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
218:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
218:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
218:  The String literal " was found" is used SECURITY.WSC.SL-3
219:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
220:  Variable 'isbn' is not declared at the beginning of the block CODSTA.READ.PDBB-4
220:  The declaration of the local variable 'isbn' is not followed by a comment CODSTA.READ.CLV-5
220:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
221:  Variable 'title' is not declared at the beginning of the block CODSTA.READ.PDBB-4
221:  The declaration of the local variable 'title' is not followed by a comment CODSTA.READ.CLV-5
222:  The declaration of the local variable 'genre' is not followed by a comment CODSTA.READ.CLV-5
222:  Variable 'genre' is not declared at the beginning of the block CODSTA.READ.PDBB-4
223:  Variable 'year' is not declared at the beginning of the block CODSTA.READ.PDBB-4
223:  The declaration of the local variable 'year' is not followed by a comment CODSTA.READ.CLV-5
223:  Inspect usage of the 'Date' object 'year' SECURITY.BV.ADT-5
224:  The declaration of the local variable 'publisher' is not followed by a comment CODSTA.READ.CLV-5
224:  Variable 'publisher' is not declared at the beginning of the block CODSTA.READ.PDBB-4
225:  Variable 'description' is not declared at the beginning of the block CODSTA.READ.PDBB-4
225:  The declaration of the local variable 'description' is not followed by a comment CODSTA.READ.CLV-5
226:  The declaration of the local variable 'amount' is not followed by a comment CODSTA.READ.CLV-5
226:  Variable 'amount' is not declared at the beginning of the block CODSTA.READ.PDBB-4
 +  227:  Duplicated code: "int stock = rs.getInt(NL_STOCK); S ..." CDD.DUPC-3
227:  Local constant not declared "final": stock CODSTA.READ.FLV-3
227:  Variable 'stock' is not declared at the beginning of the block CODSTA.READ.PDBB-4
227:  Variable 'stock' does not end with 'int' NAMING.UHN-4
227:  The declaration of the local variable 'stock' is not followed by a comment CODSTA.READ.CLV-5
228:  Line is longer than 80 characters: 95 APSC_DV.003215.LL-3
228:  Line is longer than 80 characters: 95 FORMAT.LL-3
228:  Variable 'query2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
228:  The declaration of the local variable 'query2' is not followed by a comment CODSTA.READ.CLV-5
228:  Concatenating strings INTER.COS-5
228:  Concatenating strings CERT.STR00.COS-3
228:  Non internationalized string: "SELECT " INTER.ITT-3
228:  The String literal "SELECT " is used SECURITY.WSC.SL-3
228:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
228:  Single character '.' using double quotes in string concatenation OPT.STR-3
228:  The String literal "." is used SECURITY.WSC.SL-3
228:  The String literal " as " is used SECURITY.WSC.SL-3
228:  Non internationalized string: " as " INTER.ITT-3
229:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
229:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
229:  Non internationalized string: " FROM " INTER.ITT-3
229:  The String literal " FROM " is used SECURITY.WSC.SL-3
229:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
229:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
229:  Single character ',' using double quotes in string concatenation OPT.STR-3
229:  The String literal "," is used SECURITY.WSC.SL-3
230:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
230:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
230:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
230:  Single character ',' using double quotes in string concatenation OPT.STR-3
230:  The String literal "," is used SECURITY.WSC.SL-3
231:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
231:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
231:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
232:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
232:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
232:  Non internationalized string: " WHERE " INTER.ITT-3
232:  The String literal " WHERE " is used SECURITY.WSC.SL-3
232:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
232:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
232:  Single character '.' using double quotes in string concatenation OPT.STR-3
232:  The String literal "." is used SECURITY.WSC.SL-3
232:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
232:  Non internationalized string: " = ? AND " INTER.ITT-3
232:  The String literal " = ? AND " is used SECURITY.WSC.SL-3
233:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
233:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
233:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
233:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
233:  Single character '.' using double quotes in string concatenation OPT.STR-3
233:  The String literal "." is used SECURITY.WSC.SL-3
233:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
233:  The String literal " = " is used SECURITY.WSC.SL-3
234:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
234:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
234:  field 'NL_TABLE_AUTHOR' is used multiple times MOBILE.ACFM-3
234:  Single character '.' using double quotes in string concatenation OPT.STR-3
234:  The String literal "." is used SECURITY.WSC.SL-3
234:  field 'NL_ISBN' is used multiple times MOBILE.ACFM-3
234:  Non internationalized string: " AND " INTER.ITT-3
234:  The String literal " AND " is used SECURITY.WSC.SL-3
235:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
235:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
235:  field 'NL_TABLE_BOOK' is used multiple times MOBILE.ACFM-3
235:  Field 'NL_TABLE_BOOK' is accessed very frequently; try using a local variable as a buffer MOBILE.J2ME.EAOF-3
235:  Non internationalized string: ".publisher_id = " INTER.ITT-3
235:  The String literal ".publisher_id = " is used SECURITY.WSC.SL-3
236:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
236:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
236:  field 'NL_TABLE_PUBLISHER' is used multiple times MOBILE.ACFM-3
236:  Single character '.' using double quotes in string concatenation OPT.STR-3
236:  The String literal "." is used SECURITY.WSC.SL-3
236:  field 'NL_ID' is used multiple times MOBILE.ACFM-3
237:  interface type 'PreparedStatement' is used MOBILE.AUI-3
237:  JDBC resource 'stmt2' is not closed in a "finally" block JDBC.RRWD-1
237:  Variable 'stmt2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
237:  The declaration of the local variable 'stmt2' is not followed by a comment CODSTA.READ.CLV-5
238:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
238:  Line is longer than 80 characters: 88 FORMAT.LL-3
238:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
238:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
239:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
239:  Line is longer than 80 characters: 82 FORMAT.LL-3
239:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
239:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
 +  240:  Duplicated code: "stmt2.setInt(1, id); ResultSet rs2 ..." CDD.DUPC-3
241:  interface type 'ResultSet' is used MOBILE.AUI-3
241:  JDBC resource 'rs2' is not closed in a "finally" block JDBC.RRWD-1
241:  Variable 'rs2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
241:  The declaration of the local variable 'rs2' is not followed by a comment CODSTA.READ.CLV-5
242:  Variable 'more2' does not end with 'boolean' NAMING.UHN-4
242:  The declaration of the local variable 'more2' is not followed by a comment CODSTA.READ.CLV-5
242:  Variable 'more2' is not declared at the beginning of the block CODSTA.READ.PDBB-4
243:  Variable 'authors' is not declared at the beginning of the block CODSTA.READ.PDBB-4
243:  The declaration of the local variable 'authors' is not followed by a comment CODSTA.READ.CLV-5
243:  Consider using an 'ArrayList' instead of a 'Vector' here for efficiency OPT.SDLS-3
243:  Initial container capacity is not specified OPT.DIC-3
244:  Consider using a "for" loop here CODSTA.READ.PFL-5
244:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
244:  Parenthesis not followed by 1 space FORMAT.SAP-3
245:  The declaration of the local variable 'author' is not followed by a comment CODSTA.READ.CLV-5
245:  field 'NL_AUTHOR_NAME' is used multiple times MOBILE.ACFM-3
246:  Calling synchronized method 'add' inside of a loop OPT.SYN-3
 +  246:  The "getString()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  246:  The "getString()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  246:  The "getString()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  246:  The "getString()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  246:  The "getString()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  246:  The "getString()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
248:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
249:  Place the [] after the array type, not after the variable: arr APSC_DV.003215.IAD-3
249:  Place the [] after the array type, not after the variable: arr FORMAT.IAD-3
249:  Variable name 'arr' does not match user-specified regular expression '(s|List|Set|Array|Table)$' for array and collection variables NAMING.NAC-3
249:  Variable 'arr' is not declared at the beginning of the block CODSTA.READ.PDBB-4
249:  The declaration of the local variable 'arr' is not followed by a comment CODSTA.READ.CLV-5
249:  'OutOfMemoryError' should be caught for potentially large array allocations MOBILE.J2ME.OOME-3
250:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
250:  Parenthesis not followed by 1 space FORMAT.SAP-3
250:  Variable 'i' does not end with 'int' NAMING.UHN-4
250:  'arr.length' should not be used in a loop condition expression MOBILE.J2ME.ARLL-3
250:  field 'length' is used multiple times MOBILE.ACFM-3
251:  Calling synchronized method 'elementAt' inside of a loop OPT.SYN-3
252:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
255:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
255:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
 +  255:  The "getInt()" method returns tainted data that should be validated before use APSC_DV.002500.VPPD-2
 +  255:  The "getInt()" method returns tainted data that should be validated before use BD.SECURITY.VPPD-2
 +  255:  The "getInt()" method returns tainted data that should be validated before use CERT.IDS11.VPPD-1
 +  255:  The "getInt()" method returns tainted data that should be validated before use CWE.352.VPPD-2
 +  255:  The "getInt()" method returns tainted data that should be validated before use CWE.79.VPPD-2
 +  255:  The "getInt()" method returns tainted data that should be validated before use PCIDSS32.659.VPPD-2
258:  No JUnit test method defined for 'addNewItem()' JUNIT.TEST-2
258:  Missing Javadoc comment for method 'addNewItem()' JAVADOC.PJDM-3
258:  Globally unused "public" method: addNewItem() GLOBAL.UPPM-4
258:  Formal parameter 'tempbook' is not declared as final CODSTA.BP.FPF-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' APSC_DV.001460.NTX-2
258:  Throwing explicit 'Exception' object in 'addNewItem()' CERT.ERR07.NTX-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' CODSTA.BP.NTX-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' CWE.397.NTX-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2017.A6.NTX-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2021.A5.NTX-3
258:  Throwing explicit 'Exception' object in 'addNewItem()' OWASP2019.API7.NTX-5
259:  Lazy initialization is not thread-safe: addedBooks CERT.MSC07.ILI-3
259:  Lazy initialization is not thread-safe: addedBooks CWE.543.ILI-3
259:  Lazy initialization is not thread-safe: addedBooks TRS.ILI-3
259:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
259:  Parenthesis not followed by 1 space FORMAT.SAP-3
260:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization CERT.LCK05.IASF-3
260:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization CWE.543.IASF-3
260:  This code may not be thread-safe; setting and accessing the field 'addedBooks' may require synchronization TRS.IASF-3
260:  Hashtable 'addedBooks' may have improved performance as a ConcurrentHashMap TRS.CHM-5
260:  Initial container capacity is not specified OPT.DIC-3
261:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
262:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
262:  Parenthesis not followed by 1 space FORMAT.SAP-3
263:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
263:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
263:  Avoid throwing 'Exception' CWE.397.NTERR-3
263:  Avoid throwing 'Exception' EXCEPT.NTERR-3
263:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
263:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
263:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
263:  Concatenating strings INTER.COS-5
263:  Concatenating strings CERT.STR00.COS-3
263:  The String literal "Too many books (" is used SECURITY.WSC.SL-3
263:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
264:  Line is longer than 80 characters: 160 APSC_DV.003215.LL-3
264:  Line is longer than 80 characters: 160 FORMAT.LL-3
264:  The String literal ") have been added already. Added books are removed as soon as the session of the user who added them expires, after 20 minutes of inactivity" is used SECURITY.WSC.SL-3
265:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
266:  Line is longer than 80 characters: 95 APSC_DV.003215.LL-3
266:  Line is longer than 80 characters: 95 FORMAT.LL-3
266:  Unnecessary instantiation of 'Integer' object OPT.PRIM-3
266:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
266:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
267:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
270:  No JUnit test method defined for 'clearAddedBooks()' JUNIT.TEST-2
270:  Missing Javadoc comment for method 'clearAddedBooks()' JAVADOC.PJDM-3
270:  Globally unused "public" method: clearAddedBooks() GLOBAL.UPPM-4
270:  "synchronized" modifier used in method declaration: clearAddedBooks() TRS.NSM-5
270:  Formal parameter 'tempbook' is not declared as final CODSTA.BP.FPF-3
271:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
271:  Parenthesis not followed by 1 space FORMAT.SAP-3
272:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
273:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
273:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
274:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
277:  File should be terminated by a newline character APSC_DV.003215.TNL-3
277:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/BookStoreMemoryDB.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Missing Javadoc tag '@since' for class 'BookStoreMemoryDB' JAVADOC.ECTT-3
8:  Globally unused "public" class: com.parasoft.bookstore2.BookStoreMemoryDB GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: BookStoreMemoryDB JAVADOC.MAJDT-4
8:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "public" class without an '@invariant' contract: BookStoreMemoryDB DBC.PUBC-3
8:  Missing '@version' Javadoc tag: BookStoreMemoryDB JAVADOC.MVJDT-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  The 'db' field of the immutable class is not declared final SECURITY.WSC.FIMU-4
17:  'public' constructor declared CODSTA.BP.CMUTA-3
17:  Constructor 'BookStoreMemoryDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' EXCEPT.EPNFC-3
17:  Missing Javadoc tag '@since' for method 'BookStoreMemoryDB()' JAVADOC.ECTM-3
17:  The constructor 'BookStoreMemoryDB' is more accessible than the constructor in its superclass SECURITY.WSC.AMA-3
17:  Constructor 'BookStoreMemoryDB()' should be declared "private" CWE.749.DPPM-4
17:  Constructor 'BookStoreMemoryDB()' should be declared "private" GLOBAL.DPPM-4
17:  Flag not present SECURITY.WSC.INIVF-4
17:  "public" method without a '@post' contract: BookStoreMemoryDB () DBC.PUBMPOST-3
17:  "public" method without a '@pre' contract: BookStoreMemoryDB DBC.PUBMPRE-3
17:  This constructor for class 'BookStoreMemoryDB' does not need to be explicitly defined PB.USC.EPC-3
17:  Constructor 'BookStoreMemoryDB' throws 'SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException' CERT.OBJ11.EPNFC-1
17:  No JUnit test method defined for 'BookStoreMemoryDB()' JUNIT.TEST-2
18:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
18:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
22:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
22:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
27:  No JUnit test method defined for 'getDBInstance()' JUNIT.TEST-2
27:  Elements in 'BookStoreMemoryDB' not ordered appropriately, first violation: method 'getDBInstance' at line 27 should be placed before constructor 'BookStoreMemoryDB' at line 11 CODSTA.ORG.FO-3
27:  The method 'getDBInstance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
27:  Missing Javadoc comment for method 'getDBInstance()' JAVADOC.PJDM-3
27:  Globally unused "public" method: getDBInstance() GLOBAL.UPPM-4
28:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
28:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
32:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
32:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
33:  Lazy initialization is not thread-safe: db CERT.MSC07.ILI-3
33:  Lazy initialization is not thread-safe: db CWE.543.ILI-3
33:  Lazy initialization is not thread-safe: db TRS.ILI-3
33:  Parenthesis not followed by 1 space FORMAT.SAP-3
33:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CERT.LCK05.IASF-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization CWE.543.IASF-3
34:  This code may not be thread-safe; setting and accessing the field 'db' may require synchronization TRS.IASF-3
35:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
38:  File should be terminated by a newline character APSC_DV.003215.TNL-3
38:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/CartManager.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
8:  "import java.util.concurrent.ConcurrentHashMap" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
8:  "import java.util.concurrent.ConcurrentHashMap" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
8:  "import" not presented in alphabetical order: java.util.concurrent.ConcurrentHashMap CODSTA.ORG.ORIMP-5
9:  "import java.util.concurrent.atomic.AtomicInteger" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
9:  "import java.util.concurrent.atomic.AtomicInteger" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
11:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
11:  Use 2 blank lines before type declaration FORMAT.BLCD-3
11:  Public clone method missing CERT.OBJ05.MUCOP-1
11:  Static creation method missing CERT.OBJ05.MUCOP-1
11:  Copy constructor missing CERT.OBJ05.MUCOP-1
11:  Public clone method missing CERT.OBJ06.MUCOP-2
11:  Static creation method missing CERT.OBJ06.MUCOP-2
11:  Copy constructor missing CERT.OBJ06.MUCOP-2
11:  'clone()' method is missing CERT.OBJ07.MCNC-2
11:  Public clone method missing CERT.OBJ04.MUCOP-3
11:  Static creation method missing CERT.OBJ04.MUCOP-3
11:  Copy constructor missing CERT.OBJ04.MUCOP-3
11:  CartManager has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
11:  getter method without an @invariant contract: getCart() DBC.IGM-3
11:  getter method without an @invariant contract: getCartId() DBC.IGM-3
11:  getter method without an @invariant contract: getItem() DBC.IGM-3
11:  Missing Javadoc comment for 'CartManager' JAVADOC.PJDC-3
11:  Public clone method missing OOP.MUCOP-3
11:  Static creation method missing OOP.MUCOP-3
11:  Copy constructor missing OOP.MUCOP-3
11:  Globally unused "public" class: com.parasoft.bookstore2.CartManager GLOBAL.UPPC-4
11:  'writeObject()' method is missing CWE.499.SER-5
11:  'clone()' method is missing SECURITY.WSC.MCNC-5
11:  'writeObject()' method is missing SECURITY.WSC.SER-5
11:  Number of Javadoc comments are below thresholds (%): 10.0 METRICS.PJDC-3
11:  'readObject()' method is missing SECURITY.WSC.DSER-5
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  interface type 'Map' is used MOBILE.AUI-3
12:  interface type 'List' is used MOBILE.AUI-3
12:  Constant value should be declared "final": cartIdToOrderMap CODSTA.READ.FF-3
12:  Found "static" variable of type "Map" or "Collection": 'cartIdToOrderMap' GC.STV-3
13:  Line is longer than 80 characters: 83 APSC_DV.003215.LL-3
13:  Line is longer than 80 characters: 83 FORMAT.LL-3
13:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
13:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
13:  interface type 'List' is used MOBILE.AUI-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Constant value should be declared "final": generatedNewCartId CODSTA.READ.FF-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  interface type 'List' is used MOBILE.AUI-3
16:  Missing 'getList()' method for field 'list' BEAN.NFM-4
16:  Missing 'setList()' method for field 'list' BEAN.NFM-4
18:  No JUnit test method defined for 'CartManager()' JUNIT.TEST-2
18:  Missing Javadoc comment for method 'CartManager()' JAVADOC.PJDM-3
18:  Field 'cartId', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
18:  Field 'list', declared on line 16, is not initialized in this constructor nor in its declaration INIT.CSI-4
22:  Constructor 'CartManager' throws 'Exception' CERT.OBJ11.EPNFC-1
22:  No JUnit test method defined for 'CartManager()' JUNIT.TEST-2
22:  Constructor 'CartManager' throws 'Exception' EXCEPT.EPNFC-3
22:  Missing Javadoc comment for method 'CartManager()' JAVADOC.PJDM-3
22:  Method 'CartManager' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
22:  Globally unused "public" constructor CartManager() GLOBAL.UPPM-4
22:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
22:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
22:  Parameter 'cartId' has the same name as a field OOP.HMF-3
22:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2019.API7.NTX-5
22:  Throwing explicit 'Exception' object in 'CartManager()' APSC_DV.001460.NTX-2
22:  Throwing explicit 'Exception' object in 'CartManager()' CERT.ERR07.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' CODSTA.BP.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' CWE.397.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2017.A6.NTX-3
22:  Throwing explicit 'Exception' object in 'CartManager()' OWASP2021.A5.NTX-3
23:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
23:  Parenthesis not followed by 1 space FORMAT.SAP-3
23:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
24:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
24:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
24:  Avoid throwing 'Exception' CWE.397.NTERR-3
24:  Avoid throwing 'Exception' EXCEPT.NTERR-3
24:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
24:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
24:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
24:  Concatenating strings INTER.COS-5
24:  Concatenating strings CERT.STR00.COS-3
24:  The String literal "cartId: " is used SECURITY.WSC.SL-3
25:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
25:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
25:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
25:  The String literal " doesn't exist." is used SECURITY.WSC.SL-3
26:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
27:  Calling the method 'setCartId()' in the constructor could cause an unexpected NullPointerException CODSTA.EPC.NCNFC-2
27:  Non-"final", non-"static", and non-"private" method 'setCartId()' called from inside constructor 'CartManager' PB.CUB.CTOR-4
28:  Non-"final", non-"static", and non-"private" method 'setItem()' called from inside constructor 'CartManager' PB.CUB.CTOR-4
28:  Calling the method 'setItem()' in the constructor could cause an unexpected NullPointerException CODSTA.EPC.NCNFC-2
28:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
31:  No JUnit test method defined for 'addNewItemToCart()' JUNIT.TEST-2
31:  Missing Javadoc comment for method 'addNewItemToCart()' JAVADOC.PJDM-3
31:  Globally unused "public" method: addNewItemToCart() GLOBAL.UPPM-4
31:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
32:  interface type 'List' is used MOBILE.AUI-3
32:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
32:  Local variable 'list' has the same name as a field OOP.HMF-3
32:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
32:  Initial container capacity is not specified OPT.DIC-3
34:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
37:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
37:  Line is longer than 80 characters: 82 FORMAT.LL-3
37:  No JUnit test method defined for 'addExistingItemToCart()' JUNIT.TEST-2
37:  The method 'addExistingItemToCart' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
37:  Missing Javadoc comment for method 'addExistingItemToCart()' JAVADOC.PJDM-3
37:  Method 'addExistingItemToCart' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
37:  Globally unused "public" method: addExistingItemToCart() GLOBAL.UPPM-4
37:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
37:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
37:  Parameter 'cartId' has the same name as a field OOP.HMF-3
37:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
37:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' APSC_DV.001460.NTX-2
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CERT.ERR07.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CODSTA.BP.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' CWE.397.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2017.A6.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2021.A5.NTX-3
37:  Throwing explicit 'Exception' object in 'addExistingItemToCart()' OWASP2019.API7.NTX-5
39:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
39:  Parenthesis not followed by 1 space FORMAT.SAP-3
39:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
39:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
40:  interface type 'List' is used MOBILE.AUI-3
40:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
40:  Local variable 'list' has the same name as a field OOP.HMF-3
40:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
40:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
41:  interface type 'Iterator' is used MOBILE.AUI-3
41:  The declaration of the local variable 'iterator' is not followed by a comment CODSTA.READ.CLV-5
42:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
42:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
42:  Local constant not declared "final": found CODSTA.READ.FLV-3
43:  Consider using a "for" loop here CODSTA.READ.PFL-5
43:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
43:  Parenthesis not followed by 1 space FORMAT.SAP-3
44:  Variable name 'o' is not of type "java.lang.Object" NAMING.CVN-4
44:  The length of the identifier "o" is less than the minimum length (2) NAMING.LLI-4
45:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
46:  Line is longer than 80 characters: 96 APSC_DV.003215.LL-3
46:  Line is longer than 80 characters: 96 FORMAT.LL-3
46:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
46:  Parenthesis not followed by 1 space FORMAT.SAP-3
46:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
46:  The return value of 'getBook()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
46:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
50:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
51:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
52:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
52:  Parenthesis not followed by 1 space FORMAT.SAP-3
55:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
56:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
56:  Do not use trailing comments APSC_DV.003215.TC-3
56:  Do not use trailing comments FORMAT.TC-3
57:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
57:  Line is longer than 80 characters: 88 FORMAT.LL-3
57:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
57:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
57:  Avoid throwing 'Exception' CWE.397.NTERR-3
57:  Avoid throwing 'Exception' EXCEPT.NTERR-3
57:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
57:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
57:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
57:  Concatenating strings INTER.COS-5
57:  Concatenating strings CERT.STR00.COS-3
57:  The String literal "An order with Cart Id " is used SECURITY.WSC.SL-3
57:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
57:  The String literal " does not exist!" is used SECURITY.WSC.SL-3
58:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
62:  Line is longer than 80 characters: 92 APSC_DV.003215.LL-3
62:  Line is longer than 80 characters: 92 FORMAT.LL-3
62:  No JUnit test method defined for 'updateExistingItem()' JUNIT.TEST-2
62:  The method 'updateExistingItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
62:  Missing Javadoc comment for method 'updateExistingItem()' JAVADOC.PJDM-3
62:  Method 'updateExistingItem' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
62:  Globally unused "public" method: updateExistingItem() GLOBAL.UPPM-4
62:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
62:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
62:  Parameter 'cartId' has the same name as a field OOP.HMF-3
62:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
62:  Variable 'itemId' does not end with 'int' NAMING.UHN-4
62:  Formal parameter 'itemId' is not declared as final CODSTA.BP.FPF-3
62:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
62:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2019.API7.NTX-5
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' APSC_DV.001460.NTX-2
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CERT.ERR07.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CODSTA.BP.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' CWE.397.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2017.A6.NTX-3
62:  Throwing explicit 'Exception' object in 'updateExistingItem()' OWASP2021.A5.NTX-3
64:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
64:  Parenthesis not followed by 1 space FORMAT.SAP-3
64:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
64:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
65:  interface type 'List' is used MOBILE.AUI-3
65:  The local variable 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
65:  Local variable 'list' has the same name as a field OOP.HMF-3
65:  The declaration of the local variable 'list' is not followed by a comment CODSTA.READ.CLV-5
65:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
66:  interface type 'Iterator' is used MOBILE.AUI-3
66:  The declaration of the local variable 'iterator' is not followed by a comment CODSTA.READ.CLV-5
67:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
67:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
67:  Local constant not declared "final": found CODSTA.READ.FLV-3
68:  Consider using a "for" loop here CODSTA.READ.PFL-5
68:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
68:  Parenthesis not followed by 1 space FORMAT.SAP-3
69:  The declaration of the local variable 'order' is not followed by a comment CODSTA.READ.CLV-5
70:  The declaration of the local variable 'book' is not followed by a comment CODSTA.READ.CLV-5
71:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
71:  Parenthesis not followed by 1 space FORMAT.SAP-3
71:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
72:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
72:  Parenthesis not followed by 1 space FORMAT.SAP-3
72:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
73:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
73:  Line is longer than 80 characters: 81 FORMAT.LL-3
73:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
73:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
73:  Avoid throwing 'Exception' CWE.397.NTERR-3
73:  Avoid throwing 'Exception' EXCEPT.NTERR-3
73:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
73:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
73:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
73:  Concatenating strings INTER.COS-5
73:  Concatenating strings CERT.STR00.COS-3
73:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
74:  Indentation should be 28 (or 36) spaces APSC_DV.003215.IND-3
74:  Indentation should be 28 (or 36) spaces FORMAT.IND-3
74:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
74:  The String literal ", " is used SECURITY.WSC.SL-3
74:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
74:  The String literal " is greater than " is used SECURITY.WSC.SL-3
75:  Line is longer than 80 characters: 102 APSC_DV.003215.LL-3
75:  Line is longer than 80 characters: 102 FORMAT.LL-3
75:  Indentation should be 28 (or 36) spaces APSC_DV.003215.IND-3
75:  Indentation should be 28 (or 36) spaces FORMAT.IND-3
75:  The String literal "the quantity in stock: " is used SECURITY.WSC.SL-3
75:  The return value of 'getProductInfo()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
75:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
76:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
80:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
81:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
 +  82:  Condition "!found" always evaluates to true BD.PB.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.561.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.570.CC-2
 +  82:  Condition "!found" always evaluates to true CWE.571.CC-2
82:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
82:  Parenthesis not followed by 1 space FORMAT.SAP-3
83:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
83:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
83:  Avoid throwing 'Exception' CWE.397.NTERR-3
83:  Avoid throwing 'Exception' EXCEPT.NTERR-3
83:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
83:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
83:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
83:  Concatenating strings INTER.COS-5
83:  Concatenating strings CERT.STR00.COS-3
83:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
84:  Indentation should be 20 (or 28) spaces APSC_DV.003215.IND-3
84:  Indentation should be 20 (or 28) spaces FORMAT.IND-3
84:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
84:  The String literal ", order does not exist." is used SECURITY.WSC.SL-3
85:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
86:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
86:  Do not use trailing comments APSC_DV.003215.TC-3
86:  Do not use trailing comments FORMAT.TC-3
87:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
87:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
87:  Avoid throwing 'Exception' CWE.397.NTERR-3
87:  Avoid throwing 'Exception' EXCEPT.NTERR-3
87:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
87:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
87:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
87:  Concatenating strings INTER.COS-5
87:  Concatenating strings CERT.STR00.COS-3
87:  The String literal "Did not update order with cartId " is used SECURITY.WSC.SL-3
87:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
88:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
88:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
88:  The String literal ", itemId " is used SECURITY.WSC.SL-3
88:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
88:  The String literal " does not exist in the order." is used SECURITY.WSC.SL-3
89:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
102:  No JUnit test method defined for 'getCartSize()' JUNIT.TEST-2
102:  Missing Javadoc tag '@since' for method 'getCartSize()' JAVADOC.ECTM-3
102:  Globally unused "public" method: getCartSize() GLOBAL.UPPM-4
102:  "public" method without a '@post' contract: getCartSize () DBC.PUBMPOST-3
102:  "public" method without a '@pre' contract: getCartSize DBC.PUBMPRE-3
112:  Misspelled word 'ites' JAVADOC.SPELL-3
113:  This '@return' tag does not contain a meaningful description of the method's return value JAVADOC.MDJT-3
116:  No JUnit test method defined for 'getCartSize()' JUNIT.TEST-2
116:  Missing Javadoc tag '@since' for method 'getCartSize()' JAVADOC.ECTM-3
116:  Method 'getCartSize' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
116:  Globally unused "public" method: getCartSize() GLOBAL.UPPM-4
116:  "public" method without a '@post' contract: getCartSize () DBC.PUBMPOST-3
116:  "public" method without a '@pre' contract: getCartSize DBC.PUBMPRE-3
116:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
116:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
116:  Parameter 'cartId' has the same name as a field OOP.HMF-3
116:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2019.API7.NTX-5
116:  Throwing explicit 'Exception' object in 'getCartSize()' APSC_DV.001460.NTX-2
116:  Throwing explicit 'Exception' object in 'getCartSize()' CERT.ERR07.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' CODSTA.BP.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' CWE.397.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2017.A6.NTX-3
116:  Throwing explicit 'Exception' object in 'getCartSize()' OWASP2021.A5.NTX-3
117:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
117:  Parenthesis not followed by 1 space FORMAT.SAP-3
117:  'cartIdToOrderMap' calls "containsKey()" and then "get()" OPT.AUMO-3
117:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
118:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
119:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
120:  Avoid throwing 'Exception' APSC_DV.001460.NTERR-2
120:  Avoid throwing 'Exception' CERT.ERR07.NTERR-3
120:  Avoid throwing 'Exception' CWE.397.NTERR-3
120:  Avoid throwing 'Exception' EXCEPT.NTERR-3
120:  Avoid throwing 'Exception' OWASP2017.A6.NTERR-3
120:  Avoid throwing 'Exception' OWASP2021.A5.NTERR-3
120:  Avoid throwing 'Exception' OWASP2019.API7.NTERR-5
120:  Concatenating strings INTER.COS-5
120:  Concatenating strings CERT.STR00.COS-3
120:  The String literal "cartId: " is used SECURITY.WSC.SL-3
121:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
121:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
121:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
121:  The String literal " doesn't exist." is used SECURITY.WSC.SL-3
124:  interface type 'Map' is used MOBILE.AUI-3
124:  interface type 'List' is used MOBILE.AUI-3
124:  No JUnit test method defined for 'getCart()' JUNIT.TEST-2
124:  The method 'getCart' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
124:  Missing Javadoc comment for method 'getCart()' JAVADOC.PJDM-3
124:  Globally unused "public" method: getCart() GLOBAL.UPPM-4
128:  No JUnit test method defined for 'removeEmptyMappings()' JUNIT.TEST-2
128:  Missing Javadoc comment for method 'removeEmptyMappings()' JAVADOC.PJDM-3
128:  Globally unused "public" method: removeEmptyMappings() GLOBAL.UPPM-4
129:  Line is longer than 80 characters: 95 APSC_DV.003215.LL-3
129:  Line is longer than 80 characters: 95 FORMAT.LL-3
129:  interface type 'Iterator' is used MOBILE.AUI-3
129:  interface type 'Entry' is used MOBILE.AUI-3
129:  interface type 'List' is used MOBILE.AUI-3
129:  The declaration of the local variable 'itr' is not followed by a comment CODSTA.READ.CLV-5
130:  Consider using a "for" loop here CODSTA.READ.PFL-5
130:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
130:  Parenthesis not followed by 1 space FORMAT.SAP-3
131:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
131:  Parenthesis not followed by 1 space FORMAT.SAP-3
133:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
134:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
137:  No JUnit test method defined for 'removeOrder()' JUNIT.TEST-2
137:  Missing Javadoc comment for method 'removeOrder()' JAVADOC.PJDM-3
137:  Method 'removeOrder' performs compound action on "synchronized" collection 'cartIdToOrderMap' TRS.CMA-3
137:  Globally unused "public" method: removeOrder() GLOBAL.UPPM-4
137:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
137:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
137:  Parameter 'cartId' has the same name as a field OOP.HMF-3
137:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
138:  Variable 'found' does not end with 'boolean' NAMING.UHN-4
138:  The declaration of the local variable 'found' is not followed by a comment CODSTA.READ.CLV-5
139:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
139:  Parenthesis not followed by 1 space FORMAT.SAP-3
139:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
140:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
142:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
146:  No JUnit test method defined for 'setCartId()' JUNIT.TEST-2
146:  Method 'setCartId()' should be declared "private" CWE.749.DPPM-4
146:  Method 'setCartId()' should be declared "private" GLOBAL.DPPM-4
146:  Method 'setCartId()' should be declared "final" GLOBAL.SPPM-5
146:  Setter method 'setCartId()' is not declared "final" OPT.MAF-5
146:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
146:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
146:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
146:  Parameter 'cartId' has the same name as a field OOP.HMF-3
150:  No JUnit test method defined for 'getCartId()' JUNIT.TEST-2
150:  Globally unused "public" method: getCartId() GLOBAL.UPPM-4
150:  Getter method 'getCartId()' is not declared "final" OPT.MAF-5
154:  Setter method 'setItem()' is not declared "final" OPT.MAF-5
154:  No JUnit test method defined for 'setItem()' JUNIT.TEST-2
154:  Missing Javadoc comment for method 'setItem()' JAVADOC.PJDM-3
154:  Method 'setItem()' should be declared "private" CWE.749.DPPM-4
154:  Method 'setItem()' should be declared "private" GLOBAL.DPPM-4
154:  Method 'setItem()' should be declared "final" GLOBAL.SPPM-5
154:  interface type 'List' is used MOBILE.AUI-3
154:  Formal parameter 'list' is not declared as final CODSTA.BP.FPF-3
154:  The parameter 'list' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
154:  Parameter 'list' has the same name as a field OOP.HMF-3
158:  interface type 'List' is used MOBILE.AUI-3
158:  No JUnit test method defined for 'getItem()' JUNIT.TEST-2
158:  The method 'getItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
158:  Missing Javadoc comment for method 'getItem()' JAVADOC.PJDM-3
158:  Globally unused "public" method: getItem() GLOBAL.UPPM-4
158:  Getter method 'getItem()' is not declared "final" OPT.MAF-5
162:  No JUnit test method defined for 'getStaticCart_Id()' JUNIT.TEST-2
162:  Missing Javadoc comment for method 'getStaticCart_Id()' JAVADOC.PJDM-3
162:  Globally unused "public" method: getStaticCart_Id() GLOBAL.UPPM-4
165:  File should be terminated by a newline character APSC_DV.003215.TNL-3
165:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/CartTimer.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  Missing Javadoc comment for 'CartTimer' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  Globally unused "public" class: com.parasoft.bookstore2.CartTimer GLOBAL.UPPC-4
5:  'writeObject()' method is missing CWE.499.SER-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
5:  "class" missing a no argument constructor: CartTimer CODSTA.POD.DCTOR-5
5:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
5:  'readObject()' method is missing SECURITY.WSC.DSER-5
6:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
6:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
7:  The method 'run()' does not contain a "try"/"catch" block which catches all possible "Throwable" objects EXCEPT.CATO-2
7:  No JUnit test method defined for 'run()' JUNIT.TEST-2
7:  Missing Javadoc comment for method 'run()' JAVADOC.PJDM-3
8:  Define and reuse a constant for immutable object: 'new CartService()' GC.RCO-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/DisplayOrder.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Public clone method missing CERT.OBJ05.MUCOP-1
3:  Static creation method missing CERT.OBJ05.MUCOP-1
3:  Copy constructor missing CERT.OBJ05.MUCOP-1
3:  Public clone method missing CERT.OBJ06.MUCOP-2
3:  Static creation method missing CERT.OBJ06.MUCOP-2
3:  Copy constructor missing CERT.OBJ06.MUCOP-2
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Public clone method missing CERT.OBJ04.MUCOP-3
3:  Static creation method missing CERT.OBJ04.MUCOP-3
3:  Copy constructor missing CERT.OBJ04.MUCOP-3
3:  DisplayOrder has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
3:  getter method without an @invariant contract: getItem() DBC.IGM-3
3:  getter method without an @invariant contract: getCartId() DBC.IGM-3
3:  Missing Javadoc comment for 'DisplayOrder' JAVADOC.PJDC-3
3:  Public clone method missing OOP.MUCOP-3
3:  Static creation method missing OOP.MUCOP-3
3:  Copy constructor missing OOP.MUCOP-3
3:  Globally unused "public" class: com.parasoft.bookstore2.DisplayOrder GLOBAL.UPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
4:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
7:  No JUnit test method defined for 'DisplayOrder()' JUNIT.TEST-2
7:  Missing Javadoc comment for method 'DisplayOrder()' JAVADOC.PJDM-3
7:  Field 'item', declared on line 5, is not initialized in this constructor nor in its declaration INIT.CSI-4
7:  Field 'cartId', declared on line 4, is not initialized in this constructor nor in its declaration INIT.CSI-4
11:  No JUnit test method defined for 'DisplayOrder()' JUNIT.TEST-2
11:  Missing Javadoc comment for method 'DisplayOrder()' JAVADOC.PJDM-3
11:  Globally unused "public" constructor DisplayOrder() GLOBAL.UPPM-4
11:  Formal parameter 'order' is not declared as final CODSTA.BP.FPF-3
11:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'cartId' has the same name as a field OOP.HMF-3
11:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ05.SMO-1
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ06.SMO-2
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' CERT.OBJ04.SMO-3
12:  This assignment may store the original parameter 'order' rather than a copy of the parameter into the field 'item' SECURITY.EAB.SMO-3
16:  No JUnit test method defined for 'getItem()' JUNIT.TEST-2
16:  The method 'getItem' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
16:  Globally unused "public" method: getItem() GLOBAL.UPPM-4
16:  Getter method 'getItem()' is not declared "final" OPT.MAF-5
20:  Setter method 'setItem()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'setItem()' JUNIT.TEST-2
20:  Globally unused "public" method: setItem() GLOBAL.UPPM-4
20:  Formal parameter 'item' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'item' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'item' has the same name as a field OOP.HMF-3
24:  No JUnit test method defined for 'getCartId()' JUNIT.TEST-2
24:  Globally unused "public" method: getCartId() GLOBAL.UPPM-4
24:  Getter method 'getCartId()' is not declared "final" OPT.MAF-5
28:  Setter method 'setCartId()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'setCartId()' JUNIT.TEST-2
28:  Globally unused "public" method: setCartId() GLOBAL.UPPM-4
28:  Formal parameter 'cartId' is not declared as final CODSTA.BP.FPF-3
28:  The parameter 'cartId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
28:  Parameter 'cartId' has the same name as a field OOP.HMF-3
28:  Variable 'cartId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/ItemNotFoundException.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Missing Javadoc comment for 'ItemNotFoundException' JAVADOC.PJDC-3
3:  ItemNotFoundException implements Serializable instead of Externalizable SERIAL.EZEE-3
3:  Class 'com.parasoft.bookstore2.ItemNotFoundException' should be declared "package-private" GLOBAL.DPPC-4
3:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
3:  Class 'com.parasoft.bookstore2.ItemNotFoundException' should be declared "final" GLOBAL.SPPC-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  "class" missing a no argument constructor: ItemNotFoundException CODSTA.POD.DCTOR-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
4:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  No JUnit test method defined for 'ItemNotFoundException()' JUNIT.TEST-2
8:  'public' constructor declared CODSTA.BP.CMUTA-3
8:  Missing Javadoc comment for method 'ItemNotFoundException()' JAVADOC.PJDM-3
8:  Constructor 'ItemNotFoundException()' should be declared "package-private" CWE.749.DPPM-4
8:  Constructor 'ItemNotFoundException()' should be declared "package-private" GLOBAL.DPPM-4
8:  Flag not present SECURITY.WSC.INIVF-4
8:  Formal parameter 'msg' is not declared as final CODSTA.BP.FPF-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/Order.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  getter method without an @invariant contract: getBook() DBC.IGM-3
5:  getter method without an @invariant contract: getQuantity() DBC.IGM-3
5:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
5:  Missing Javadoc comment for 'Order' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  Class 'com.parasoft.bookstore2.Order' should be declared "package-private" GLOBAL.DPPC-4
5:  'writeObject()' method is missing CWE.499.SER-5
5:  Class 'com.parasoft.bookstore2.Order' should be declared "final" GLOBAL.SPPC-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
5:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
5:  'readObject()' method is missing SECURITY.WSC.DSER-5
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
7:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
8:  Missing 'setTimestamp()' method for field 'timestamp' BEAN.NFM-4
8:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
10:  No JUnit test method defined for 'Order()' JUNIT.TEST-2
10:  Missing Javadoc comment for method 'Order()' JAVADOC.PJDM-3
11:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
14:  No JUnit test method defined for 'Order()' JUNIT.TEST-2
14:  Missing Javadoc comment for method 'Order()' JAVADOC.PJDM-3
14:  Constructor 'Order()' should be declared "private" CWE.749.DPPM-4
14:  Constructor 'Order()' should be declared "private" GLOBAL.DPPM-4
14:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
14:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
14:  Parameter 'book' has the same name as a field OOP.HMF-3
14:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
14:  The parameter 'quantity' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
14:  Parameter 'quantity' has the same name as a field OOP.HMF-3
14:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
14:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
14:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
14:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
14:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
20:  No JUnit test method defined for 'getBook()' JUNIT.TEST-2
20:  The method 'getBook' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
20:  Method 'getBook()' should be declared "package-private" CWE.749.DPPM-4
20:  Method 'getBook()' should be declared "package-private" GLOBAL.DPPM-4
20:  Method 'getBook()' should be declared "final" GLOBAL.SPPM-5
20:  Getter method 'getBook()' is not declared "final" OPT.MAF-5
24:  Setter method 'setBook()' is not declared "final" OPT.MAF-5
24:  No JUnit test method defined for 'setBook()' JUNIT.TEST-2
24:  Globally unused "public" method: setBook() GLOBAL.UPPM-4
24:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'book' has the same name as a field OOP.HMF-3
28:  No JUnit test method defined for 'getQuantity()' JUNIT.TEST-2
28:  Method 'getQuantity()' should be declared "package-private" CWE.749.DPPM-4
28:  Method 'getQuantity()' should be declared "package-private" GLOBAL.DPPM-4
28:  Method 'getQuantity()' should be declared "final" GLOBAL.SPPM-5
28:  Getter method 'getQuantity()' is not declared "final" OPT.MAF-5
32:  Setter method 'setQuantity()' is not declared "final" OPT.MAF-5
32:  No JUnit test method defined for 'setQuantity()' JUNIT.TEST-2
32:  Method 'setQuantity()' should be declared "package-private" CWE.749.DPPM-4
32:  Method 'setQuantity()' should be declared "package-private" GLOBAL.DPPM-4
32:  Method 'setQuantity()' should be declared "final" GLOBAL.SPPM-5
32:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
32:  The parameter 'quantity' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
32:  Parameter 'quantity' has the same name as a field OOP.HMF-3
32:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
36:  No JUnit test method defined for 'modifyCount()' JUNIT.TEST-2
36:  Missing Javadoc comment for method 'modifyCount()' JAVADOC.PJDM-3
36:  Method 'modifyCount()' should be declared "package-private" CWE.749.DPPM-4
36:  Method 'modifyCount()' should be declared "package-private" GLOBAL.DPPM-4
36:  Method 'modifyCount()' should be declared "final" GLOBAL.SPPM-5
36:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
36:  Variable 'amount' does not end with 'int' NAMING.UHN-4
40:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
40:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
40:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
44:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
44:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
44:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
44:  Method 'refreshTimestamp()' should be declared "package-private" CWE.749.DPPM-4
44:  Method 'refreshTimestamp()' should be declared "package-private" GLOBAL.DPPM-4
44:  Method 'refreshTimestamp()' should be declared "final" GLOBAL.SPPM-5
45:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
48:  No JUnit test method defined for 'getDescription()' JUNIT.TEST-2
48:  The method 'getDescription' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
48:  Missing Javadoc comment for method 'getDescription()' JAVADOC.PJDM-3
48:  Globally unused "public" method: getDescription() GLOBAL.UPPM-4
49:  Line is longer than 80 characters: 109 APSC_DV.003215.LL-3
49:  Line is longer than 80 characters: 109 FORMAT.LL-3
49:  Concatenating strings CERT.STR00.COS-3
49:  Non internationalized string: "Order: " INTER.ITT-3
49:  Concatenating strings INTER.COS-5
49:  The String literal "Order: " is used SECURITY.WSC.SL-3
49:  The String literal " x" is used SECURITY.WSC.SL-3
49:  Non internationalized string: " x" INTER.ITT-3
49:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
49:  Non internationalized string: " on " INTER.ITT-3
49:  The String literal " on " is used SECURITY.WSC.SL-3
49:  Unnecessary call to "toString()" CODSTA.READ.AUTS-3
49:  Called 'toString()' on a 'Date' object INTER.DTS-4
51:  File should be terminated by a newline character APSC_DV.003215.TNL-3
51:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/ProductInfo.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.math.BigDecimal" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
6:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
6:  Use 2 blank lines before type declaration FORMAT.BLCD-3
6:  Public clone method missing CERT.OBJ05.MUCOP-1
6:  Static creation method missing CERT.OBJ05.MUCOP-1
6:  Copy constructor missing CERT.OBJ05.MUCOP-1
6:  Serializable class 'ProductInfo' does not implement readObject() APSC_DV.001460.OROM-2
6:  Public clone method missing CERT.OBJ06.MUCOP-2
6:  Static creation method missing CERT.OBJ06.MUCOP-2
6:  Copy constructor missing CERT.OBJ06.MUCOP-2
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  Public clone method missing CERT.OBJ04.MUCOP-3
6:  Static creation method missing CERT.OBJ04.MUCOP-3
6:  Copy constructor missing CERT.OBJ04.MUCOP-3
6:  ProductInfo has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
6:  getter method without an @invariant contract: getName() DBC.IGM-3
6:  getter method without an @invariant contract: getId() DBC.IGM-3
6:  getter method without an @invariant contract: getStockQuantity() DBC.IGM-3
6:  getter method without an @invariant contract: getAmount() DBC.IGM-3
6:  Missing Javadoc comment for 'ProductInfo' JAVADOC.PJDC-3
6:  Public clone method missing OOP.MUCOP-3
6:  Static creation method missing OOP.MUCOP-3
6:  Copy constructor missing OOP.MUCOP-3
6:  ProductInfo implements Serializable instead of Externalizable SERIAL.EZEE-3
6:  Class 'com.parasoft.bookstore2.ProductInfo' should be declared "package-private" GLOBAL.DPPC-4
6:  Class 'com.parasoft.bookstore2.ProductInfo' should be declared "final" GLOBAL.SPPC-5
6:  Serializable class 'ProductInfo' does not implement readObject() OWASP2017.A8.OROM-5
6:  Serializable class 'ProductInfo' does not implement readObject() OWASP2021.A8.OROM-5
6:  Serializable class 'ProductInfo' does not implement readObject() SECURITY.EAB.OROM-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  Number of Javadoc comments are below thresholds (%): 6.0 METRICS.PJDC-3
6:  interface type 'Serializable' is used MOBILE.AUI-3
7:  Opening brace '{' is not on the same line as the type declaration APSC_DV.003215.FCB-3
7:  Opening brace '{' is not on the same line as the type declaration FORMAT.FCB-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Inspect field 'id' to ensure it will not expose sensitive data CWE.499.SIF-1
12:  Inspect field 'id' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
12:  Inspect field 'id' to ensure it will not expose sensitive data CERT.SER03.SIF-2
12:  Variable 'id' does not end with 'int' NAMING.UHN-4
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Inspect field 'title' to ensure it will not expose sensitive data CWE.499.SIF-1
13:  Inspect field 'title' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
13:  Inspect field 'title' to ensure it will not expose sensitive data CERT.SER03.SIF-2
13:  Missing 'getTitle()' method for field 'title' BEAN.NFM-4
13:  Missing 'setTitle()' method for field 'title' BEAN.NFM-4
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data CWE.499.SIF-1
14:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
14:  Inspect field 'quantity_in_stock' to ensure it will not expose sensitive data CERT.SER03.SIF-2
14:  Missing 'getQuantity_in_stock()' method for field 'quantity_in_stock' BEAN.NFM-4
14:  Missing 'setQuantity_in_stock()' method for field 'quantity_in_stock' BEAN.NFM-4
14:  Variable 'quantity_in_stock' does not end with 'int' NAMING.UHN-4
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Inspect field 'amount' to ensure it will not expose sensitive data CWE.499.SIF-1
15:  Inspect field 'amount' to ensure it will not expose sensitive data SECURITY.ESD.SIF-1
15:  Inspect field 'amount' to ensure it will not expose sensitive data CERT.SER03.SIF-2
17:  No JUnit test method defined for 'ProductInfo()' JUNIT.TEST-2
17:  Missing Javadoc comment for method 'ProductInfo()' JAVADOC.PJDM-3
17:  Field 'title', declared on line 13, is not initialized in this constructor nor in its declaration INIT.CSI-4
17:  Field 'id', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
17:  Field 'quantity_in_stock', declared on line 14, is not initialized in this constructor nor in its declaration INIT.CSI-4
17:  Field 'amount', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
17:  Overloaded constructors: 'ProductInfo' have different accessibilities CODSTA.BP.OCMA-5
21:  Constructor 'ProductInfo' throws 'ItemNotFoundException' CERT.OBJ11.EPNFC-1
21:  No JUnit test method defined for 'ProductInfo()' JUNIT.TEST-2
21:  Constructor 'ProductInfo' throws 'ItemNotFoundException' EXCEPT.EPNFC-3
21:  Constructor 'ProductInfo()' should be declared "package-private" CWE.749.DPPM-4
21:  Constructor 'ProductInfo()' should be declared "package-private" GLOBAL.DPPM-4
21:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
21:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
21:  Parameter 'id' has the same name as a field OOP.HMF-3
21:  Variable 'id' does not end with 'int' NAMING.UHN-4
21:  Formal parameter 'name' is not declared as final CODSTA.BP.FPF-3
21:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
21:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
21:  Parameter 'amount' has the same name as a field OOP.HMF-3
21:  Formal parameter 'quantity' is not declared as final CODSTA.BP.FPF-3
21:  Variable 'quantity' does not end with 'int' NAMING.UHN-4
22:  Indentation should be 4 (or 12) spaces APSC_DV.003215.IND-3
22:  Indentation should be 4 (or 12) spaces FORMAT.IND-3
22:  Exception 'ItemNotFoundException' is not thrown in the body of method 'ProductInfo' GLOBAL.AUT-2
29:  No JUnit test method defined for 'getName()' JUNIT.TEST-2
29:  The method 'getName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
29:  Missing Javadoc comment for method 'getName()' JAVADOC.PJDM-3
29:  Method 'getName()' should be declared "package-private" CWE.749.DPPM-4
29:  Method 'getName()' should be declared "package-private" GLOBAL.DPPM-4
29:  Method 'getName()' should be declared "final" GLOBAL.SPPM-5
29:  Getter method 'getName()' is not declared "final" OPT.MAF-5
33:  Setter method 'setName()' is not declared "final" OPT.MAF-5
33:  No JUnit test method defined for 'setName()' JUNIT.TEST-2
33:  Missing Javadoc comment for method 'setName()' JAVADOC.PJDM-3
33:  Globally unused "public" method: setName() GLOBAL.UPPM-4
33:  Formal parameter 'title' is not declared as final CODSTA.BP.FPF-3
33:  The parameter 'title' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
33:  Parameter 'title' has the same name as a field OOP.HMF-3
37:  No JUnit test method defined for 'getId()' JUNIT.TEST-2
37:  Method 'getId()' should be declared "package-private" CWE.749.DPPM-4
37:  Method 'getId()' should be declared "package-private" GLOBAL.DPPM-4
37:  Method 'getId()' should be declared "final" GLOBAL.SPPM-5
37:  Getter method 'getId()' is not declared "final" OPT.MAF-5
41:  Setter method 'setId()' is not declared "final" OPT.MAF-5
41:  No JUnit test method defined for 'setId()' JUNIT.TEST-2
41:  Globally unused "public" method: setId() GLOBAL.UPPM-4
41:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
41:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
41:  Parameter 'id' has the same name as a field OOP.HMF-3
41:  Variable 'id' does not end with 'int' NAMING.UHN-4
45:  No JUnit test method defined for 'getStockQuantity()' JUNIT.TEST-2
45:  Missing Javadoc comment for method 'getStockQuantity()' JAVADOC.PJDM-3
45:  Method 'getStockQuantity()' should be declared "package-private" CWE.749.DPPM-4
45:  Method 'getStockQuantity()' should be declared "package-private" GLOBAL.DPPM-4
45:  Method 'getStockQuantity()' should be declared "final" GLOBAL.SPPM-5
45:  Getter method 'getStockQuantity()' is not declared "final" OPT.MAF-5
49:  Setter method 'setStockQuantity()' is not declared "final" OPT.MAF-5
49:  No JUnit test method defined for 'setStockQuantity()' JUNIT.TEST-2
49:  Missing Javadoc comment for method 'setStockQuantity()' JAVADOC.PJDM-3
49:  Globally unused "public" method: setStockQuantity() GLOBAL.UPPM-4
49:  Formal parameter 'quantity_in_stock' is not declared as final CODSTA.BP.FPF-3
49:  The parameter 'quantity_in_stock' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
49:  Parameter 'quantity_in_stock' has the same name as a field OOP.HMF-3
49:  Variable 'quantity_in_stock' does not end with 'int' NAMING.UHN-4
53:  No JUnit test method defined for 'getAmount()' JUNIT.TEST-2
53:  The method 'getAmount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
53:  Globally unused "public" method: getAmount() GLOBAL.UPPM-4
53:  Getter method 'getAmount()' is not declared "final" OPT.MAF-5
57:  Setter method 'setAmount()' is not declared "final" OPT.MAF-5
57:  No JUnit test method defined for 'setAmount()' JUNIT.TEST-2
57:  Method 'setAmount()' should be declared "private" CWE.749.DPPM-4
57:  Method 'setAmount()' should be declared "private" GLOBAL.DPPM-4
57:  Method 'setAmount()' should be declared "final" GLOBAL.SPPM-5
57:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
57:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
57:  Parameter 'amount' has the same name as a field OOP.HMF-3
61:  No JUnit test method defined for 'inflateAmount()' JUNIT.TEST-2
61:  Missing Javadoc comment for method 'inflateAmount()' JAVADOC.PJDM-3
61:  Method 'inflateAmount()' should be declared "package-private" CWE.749.DPPM-4
61:  Method 'inflateAmount()' should be declared "package-private" GLOBAL.DPPM-4
61:  Method 'inflateAmount()' should be declared "final" GLOBAL.SPPM-5
61:  Formal parameter 'inflate' is not declared as final CODSTA.BP.FPF-3
66:  The method 'toString' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
66:  Missing Javadoc comment for method 'toString()' JAVADOC.PJDM-3
66:  Missing Javadoc for 'toString()' JAVADOC.TSMJT-3
66:  Missing Javadoc for 'toString()' OWASP2019.API9.TSMJT-5
66:  Getter method 'toString()' is not declared "final" OPT.MAF-5
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/SubmittedOrder.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  SubmittedOrder has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
5:  getter method without an @invariant contract: getOrderTime() DBC.IGM-3
5:  getter method without an @invariant contract: getSuccess() DBC.IGM-3
5:  Missing Javadoc comment for 'SubmittedOrder' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  Globally unused "public" class: com.parasoft.bookstore2.SubmittedOrder GLOBAL.UPPC-4
5:  'writeObject()' method is missing CWE.499.SER-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
5:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
5:  'readObject()' method is missing SECURITY.WSC.DSER-5
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
6:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
6:  Missing 'isSuccessIndicator()' method for field 'successIndicator' BEAN.NFM-4
6:  Missing 'setSuccessIndicator()' method for field 'successIndicator' BEAN.NFM-4
6:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
7:  Missing 'getDate()' method for field 'date' BEAN.NFM-4
7:  Missing 'setDate()' method for field 'date' BEAN.NFM-4
7:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
9:  No JUnit test method defined for 'SubmittedOrder()' JUNIT.TEST-2
9:  Missing Javadoc comment for method 'SubmittedOrder()' JAVADOC.PJDM-3
9:  Field 'successIndicator', declared on line 6, is not initialized in this constructor nor in its declaration INIT.CSI-4
9:  Field 'date', declared on line 7, is not initialized in this constructor nor in its declaration INIT.CSI-4
13:  No JUnit test method defined for 'SubmittedOrder()' JUNIT.TEST-2
13:  Missing Javadoc comment for method 'SubmittedOrder()' JAVADOC.PJDM-3
13:  Globally unused "public" constructor SubmittedOrder() GLOBAL.UPPM-4
13:  Formal parameter 'successIndicator' is not declared as final CODSTA.BP.FPF-3
13:  The parameter 'successIndicator' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
13:  Parameter 'successIndicator' has the same name as a field OOP.HMF-3
13:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
13:  Formal parameter 'time' is not declared as final CODSTA.BP.FPF-3
13:  Variable 'time' does not end with 'long' NAMING.UHN-4
18:  No JUnit test method defined for 'setOrderTime()' JUNIT.TEST-2
18:  Missing Javadoc comment for method 'setOrderTime()' JAVADOC.PJDM-3
18:  Globally unused "public" method: setOrderTime() GLOBAL.UPPM-4
18:  Setter method 'setOrderTime()' is not declared "final" OPT.MAF-5
18:  Formal parameter 'date' is not declared as final CODSTA.BP.FPF-3
18:  The parameter 'date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
18:  Parameter 'date' has the same name as a field OOP.HMF-3
18:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
22:  No JUnit test method defined for 'getOrderTime()' JUNIT.TEST-2
22:  The method 'getOrderTime' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
22:  Missing Javadoc comment for method 'getOrderTime()' JAVADOC.PJDM-3
22:  Globally unused "public" method: getOrderTime() GLOBAL.UPPM-4
22:  Getter method 'getOrderTime()' is not declared "final" OPT.MAF-5
26:  No JUnit test method defined for 'setSuccess()' JUNIT.TEST-2
26:  Missing Javadoc comment for method 'setSuccess()' JAVADOC.PJDM-3
26:  Globally unused "public" method: setSuccess() GLOBAL.UPPM-4
26:  Setter method 'setSuccess()' is not declared "final" OPT.MAF-5
26:  Formal parameter 'successIndicator' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'successIndicator' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'successIndicator' has the same name as a field OOP.HMF-3
26:  Variable 'successIndicator' does not end with 'boolean' NAMING.UHN-4
30:  No JUnit test method defined for 'getSuccess()' JUNIT.TEST-2
30:  Missing Javadoc comment for method 'getSuccess()' JAVADOC.PJDM-3
30:  Name of "boolean" getter method 'getSuccess' does not match user-specified regular expression '^(is|can|has|have|are|was|contains).' NAMING.GETB-3
30:  Globally unused "public" method: getSuccess() GLOBAL.UPPM-4
30:  Getter method 'getSuccess()' is not declared "final" OPT.MAF-5
/com.parasoft:parabank/src/main/java/com/parasoft/bookstore2/TempBook.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Public clone method missing CERT.OBJ05.MUCOP-1
3:  Static creation method missing CERT.OBJ05.MUCOP-1
3:  Copy constructor missing CERT.OBJ05.MUCOP-1
3:  Public clone method missing CERT.OBJ06.MUCOP-2
3:  Static creation method missing CERT.OBJ06.MUCOP-2
3:  Copy constructor missing CERT.OBJ06.MUCOP-2
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Public clone method missing CERT.OBJ04.MUCOP-3
3:  Static creation method missing CERT.OBJ04.MUCOP-3
3:  Copy constructor missing CERT.OBJ04.MUCOP-3
3:  TempBook has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
3:  getter method without an @invariant contract: getTimestamp() DBC.IGM-3
3:  getter method without an @invariant contract: getBook() DBC.IGM-3
3:  Missing Javadoc comment for 'TempBook' JAVADOC.PJDC-3
3:  Public clone method missing OOP.MUCOP-3
3:  Static creation method missing OOP.MUCOP-3
3:  Copy constructor missing OOP.MUCOP-3
3:  Class 'com.parasoft.bookstore2.TempBook' should be declared "package-private" GLOBAL.DPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  Class 'com.parasoft.bookstore2.TempBook' should be declared "final" GLOBAL.SPPC-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  'readObject()' method is missing SECURITY.WSC.DSER-5
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
5:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
5:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
7:  No JUnit test method defined for 'TempBook()' JUNIT.TEST-2
7:  Missing Javadoc comment for method 'TempBook()' JAVADOC.PJDM-3
7:  Field 'book', declared on line 4, is not initialized in this constructor nor in its declaration INIT.CSI-4
7:  Field 'timestamp', declared on line 5, is not initialized in this constructor nor in its declaration INIT.CSI-4
11:  No JUnit test method defined for 'TempBook()' JUNIT.TEST-2
11:  Missing Javadoc comment for method 'TempBook()' JAVADOC.PJDM-3
11:  Globally unused "public" constructor TempBook() GLOBAL.UPPM-4
11:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'book' has the same name as a field OOP.HMF-3
11:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
11:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
16:  No JUnit test method defined for 'getTimestamp()' JUNIT.TEST-2
16:  Globally unused "public" method: getTimestamp() GLOBAL.UPPM-4
16:  Getter method 'getTimestamp()' is not declared "final" OPT.MAF-5
20:  Setter method 'setTimestamp()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'setTimestamp()' JUNIT.TEST-2
20:  Globally unused "public" method: setTimestamp() GLOBAL.UPPM-4
20:  Formal parameter 'timestamp' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'timestamp' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'timestamp' has the same name as a field OOP.HMF-3
20:  Variable 'timestamp' does not end with 'long' NAMING.UHN-4
24:  No JUnit test method defined for 'getBook()' JUNIT.TEST-2
24:  The method 'getBook' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Method 'getBook()' should be declared "package-private" CWE.749.DPPM-4
24:  Method 'getBook()' should be declared "package-private" GLOBAL.DPPM-4
24:  Method 'getBook()' should be declared "final" GLOBAL.SPPM-5
24:  Getter method 'getBook()' is not declared "final" OPT.MAF-5
28:  Setter method 'setBook()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'setBook()' JUNIT.TEST-2
28:  Globally unused "public" method: setBook() GLOBAL.UPPM-4
28:  Formal parameter 'book' is not declared as final CODSTA.BP.FPF-3
28:  The parameter 'book' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
28:  Parameter 'book' has the same name as a field OOP.HMF-3
32:  No JUnit test method defined for 'refreshTimestamp()' JUNIT.TEST-2
32:  Missing Javadoc comment for method 'refreshTimestamp()' JAVADOC.PJDM-3
32:  Name of setter method 'refreshTimestamp' does not match user-specified regular expression '^set.' NAMING.SETA-3
32:  Method 'refreshTimestamp()' should be declared "package-private" CWE.749.DPPM-4
32:  Method 'refreshTimestamp()' should be declared "package-private" GLOBAL.DPPM-4
32:  Method 'refreshTimestamp()' should be declared "final" GLOBAL.SPPM-5
33:  Inspect that 'System.currentTimeMillis()' is used securely SECURITY.BV.ADT-5
35:  File should be terminated by a newline character APSC_DV.003215.TNL-3
35:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/AccountDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.Account CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Missing Javadoc tag '@since' for interface 'AccountDao' JAVADOC.ECTT-3
10:  The interface 'AccountDao' is never implemented GLOBAL.NIE-4
10:  Globally unused "public" interface: com.parasoft.parabank.dao.AccountDao GLOBAL.UPPC-4
10:  Missing '@author' Javadoc tag: AccountDao JAVADOC.MAJDT-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  Missing '@version' Javadoc tag: AccountDao JAVADOC.MVJDT-3
18:  "public" method without a '@post' contract: getAccount () DBC.PUBMPOST-3
18:  "public" method without a '@pre' contract: getAccount DBC.PUBMPRE-3
18:  The '@post'/'@return' tag(s) for the method 'getAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
18:  Variable 'id' does not end with 'int' NAMING.UHN-4
26:  interface type 'List' is used MOBILE.AUI-3
26:  The '@post'/'@return' tag(s) for the method 'getAccountsForCustomerId' do not properly describe whether or not the method can return null JAVADOC.CRN-3
26:  "public" method without a '@post' contract: getAccountsForCustomerId () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: getAccountsForCustomerId DBC.PUBMPRE-3
26:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
36:  "public" method without a '@post' contract: createAccount () DBC.PUBMPOST-3
36:  "public" method without a '@pre' contract: createAccount DBC.PUBMPRE-3
43:  "public" method without a '@post' contract: updateAccount () DBC.PUBMPOST-3
43:  "public" method without a '@pre' contract: updateAccount DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/AdminDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  Missing Javadoc tag '@since' for interface 'AdminDao' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  The interface 'AdminDao' is never implemented GLOBAL.NIE-4
8:  Globally unused "public" interface: com.parasoft.parabank.dao.AdminDao GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: AdminDao JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  Missing '@version' Javadoc tag: AdminDao JAVADOC.MVJDT-3
14:  '@return ' doesn't match the return type of 'initializeDB' JAVADOC.DPMT-3
14:  This '@return' tag does not contain a meaningful description of the method's return value JAVADOC.MDJT-3
14:  '@return ' doesn't match the return type of 'initializeDB' OWASP2019.API9.DPMT-3
16:  Indentation should be 4 spaces APSC_DV.003215.IND-3
16:  Indentation should be 4 spaces FORMAT.IND-3
16:  "void" method has '@return' tag: 'initializeDB ()' JAVADOC.VMCR-3
16:  "void" method has '@return' tag: 'initializeDB ()' OWASP2019.API9.VMCR-3
16:  "public" method without a '@post' contract: initializeDB () DBC.PUBMPOST-3
16:  "public" method without a '@pre' contract: initializeDB DBC.PUBMPRE-3
23:  "public" method without a '@post' contract: cleanDB () DBC.PUBMPOST-3
23:  "public" method without a '@pre' contract: cleanDB DBC.PUBMPRE-3
31:  "public" method without a '@post' contract: getParameter () DBC.PUBMPOST-3
31:  "public" method without a '@pre' contract: getParameter DBC.PUBMPRE-3
31:  The '@post'/'@return' tag(s) for the method 'getParameter' do not properly describe whether or not the method can return null JAVADOC.CRN-3
39:  "public" method without a '@post' contract: setParameter () DBC.PUBMPOST-3
39:  "public" method without a '@pre' contract: setParameter DBC.PUBMPRE-3
46:  interface type 'Map' is used MOBILE.AUI-3
46:  The '@post'/'@return' tag(s) for the method 'getParameters' do not properly describe whether or not the method can return null JAVADOC.CRN-3
46:  "public" method without a '@post' contract: getParameters () DBC.PUBMPOST-3
46:  "public" method without a '@pre' contract: getParameters DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/CustomerDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Missing Javadoc tag '@since' for interface 'CustomerDao' JAVADOC.ECTT-3
8:  The interface 'CustomerDao' is never implemented GLOBAL.NIE-4
8:  Globally unused "public" interface: com.parasoft.parabank.dao.CustomerDao GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: CustomerDao JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  Missing '@version' Javadoc tag: CustomerDao JAVADOC.MVJDT-3
16:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
16:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
16:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
16:  Variable 'id' does not end with 'int' NAMING.UHN-4
26:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
26:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
29:  Misspelled word 'usernamd' JAVADOC.SPELL-3
35:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
35:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
35:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
45:  "public" method without a '@post' contract: createCustomer () DBC.PUBMPOST-3
45:  "public" method without a '@pre' contract: createCustomer DBC.PUBMPRE-3
52:  "public" method without a '@post' contract: updateCustomer () DBC.PUBMPOST-3
52:  "public" method without a '@pre' contract: updateCustomer DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/NewsDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
6:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.News CODSTA.ORG.ORIMP-5
8:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
8:  Use 2 blank lines before type declaration FORMAT.BLCD-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
11:  'clone()' method is missing CERT.OBJ07.MCNC-2
11:  Missing Javadoc tag '@since' for interface 'NewsDao' JAVADOC.ECTT-3
11:  The interface 'NewsDao' is never implemented GLOBAL.NIE-4
11:  Missing '@author' Javadoc tag: NewsDao JAVADOC.MAJDT-4
11:  'writeObject()' method is missing CWE.499.SER-5
11:  'clone()' method is missing SECURITY.WSC.MCNC-5
11:  'writeObject()' method is missing SECURITY.WSC.SER-5
11:  Missing '@version' Javadoc tag: NewsDao JAVADOC.MVJDT-3
18:  interface type 'List' is used MOBILE.AUI-3
18:  The '@post'/'@return' tag(s) for the method 'getNews' do not properly describe whether or not the method can return null JAVADOC.CRN-3
18:  "public" method without a '@post' contract: getNews () DBC.PUBMPOST-3
18:  "public" method without a '@pre' contract: getNews DBC.PUBMPRE-3
26:  interface type 'List' is used MOBILE.AUI-3
26:  The '@post'/'@return' tag(s) for the method 'getNewsForDate' do not properly describe whether or not the method can return null JAVADOC.CRN-3
26:  "public" method without a '@post' contract: getNewsForDate () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: getNewsForDate DBC.PUBMPRE-3
26:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
33:  The '@post'/'@return' tag(s) for the method 'getLatestNewsDate' do not properly describe whether or not the method can return null JAVADOC.CRN-3
33:  "public" method without a '@post' contract: getLatestNewsDate () DBC.PUBMPOST-3
33:  "public" method without a '@pre' contract: getLatestNewsDate DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/PositionDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
6:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.HistoryPoint CODSTA.ORG.ORIMP-5
9:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
9:  Use 2 blank lines before type declaration FORMAT.BLCD-3
9:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  'clone()' method is missing CERT.OBJ07.MCNC-2
12:  Missing Javadoc tag '@since' for interface 'PositionDao' JAVADOC.ECTT-3
12:  The interface 'PositionDao' is never implemented GLOBAL.NIE-4
12:  Globally unused "public" interface: com.parasoft.parabank.dao.PositionDao GLOBAL.UPPC-4
12:  Missing '@author' Javadoc tag: PositionDao JAVADOC.MAJDT-4
12:  'writeObject()' method is missing CWE.499.SER-5
12:  'clone()' method is missing SECURITY.WSC.MCNC-5
12:  'writeObject()' method is missing SECURITY.WSC.SER-5
12:  Missing '@version' Javadoc tag: PositionDao JAVADOC.MVJDT-3
20:  "public" method without a '@post' contract: getPosition () DBC.PUBMPOST-3
20:  "public" method without a '@pre' contract: getPosition DBC.PUBMPRE-3
20:  The '@post'/'@return' tag(s) for the method 'getPosition' do not properly describe whether or not the method can return null JAVADOC.CRN-3
20:  Variable 'positionId' does not end with 'int' NAMING.UHN-4
28:  interface type 'List' is used MOBILE.AUI-3
28:  The '@post'/'@return' tag(s) for the method 'getPositionsForCustomerId' do not properly describe whether or not the method can return null JAVADOC.CRN-3
28:  "public" method without a '@post' contract: getPositionsForCustomerId () DBC.PUBMPOST-3
28:  "public" method without a '@pre' contract: getPositionsForCustomerId DBC.PUBMPRE-3
28:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
39:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
39:  Line is longer than 80 characters: 88 FORMAT.LL-3
39:  interface type 'List' is used MOBILE.AUI-3
39:  The '@post'/'@return' tag(s) for the method 'getPositionHistory' do not properly describe whether or not the method can return null JAVADOC.CRN-3
39:  "public" method without a '@post' contract: getPositionHistory () DBC.PUBMPOST-3
39:  "public" method without a '@pre' contract: getPositionHistory DBC.PUBMPRE-3
39:  Variable 'positionId' does not end with 'int' NAMING.UHN-4
39:  Inspect usage of the 'Date' object 'startDate' SECURITY.BV.ADT-5
39:  Inspect usage of the 'Date' object 'endDate' SECURITY.BV.ADT-5
49:  "public" method without a '@post' contract: createPosition () DBC.PUBMPOST-3
49:  "public" method without a '@pre' contract: createPosition DBC.PUBMPRE-3
57:  "public" method without a '@post' contract: updatePosition () DBC.PUBMPOST-3
57:  "public" method without a '@pre' contract: updatePosition DBC.PUBMPRE-3
65:  "public" method without a '@post' contract: deletePosition () DBC.PUBMPOST-3
65:  "public" method without a '@pre' contract: deletePosition DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/TransactionDao.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.Transaction CODSTA.ORG.ORIMP-5
8:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
8:  Use 2 blank lines before type declaration FORMAT.BLCD-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
11:  'clone()' method is missing CERT.OBJ07.MCNC-2
11:  Missing Javadoc tag '@since' for interface 'TransactionDao' JAVADOC.ECTT-3
11:  The interface 'TransactionDao' is never implemented GLOBAL.NIE-4
11:  Globally unused "public" interface: com.parasoft.parabank.dao.TransactionDao GLOBAL.UPPC-4
11:  Missing '@author' Javadoc tag: TransactionDao JAVADOC.MAJDT-4
11:  'writeObject()' method is missing CWE.499.SER-5
11:  'clone()' method is missing SECURITY.WSC.MCNC-5
11:  'writeObject()' method is missing SECURITY.WSC.SER-5
11:  Missing '@version' Javadoc tag: TransactionDao JAVADOC.MVJDT-3
19:  "public" method without a '@post' contract: getTransaction () DBC.PUBMPOST-3
19:  "public" method without a '@pre' contract: getTransaction DBC.PUBMPRE-3
19:  The '@post'/'@return' tag(s) for the method 'getTransaction' do not properly describe whether or not the method can return null JAVADOC.CRN-3
19:  Variable 'id' does not end with 'int' NAMING.UHN-4
27:  interface type 'List' is used MOBILE.AUI-3
27:  The '@post'/'@return' tag(s) for the method 'getTransactionsForAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
27:  "public" method without a '@post' contract: getTransactionsForAccount () DBC.PUBMPOST-3
27:  "public" method without a '@pre' contract: getTransactionsForAccount DBC.PUBMPRE-3
27:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
33:  Comment line is longer than 80 characters: 85 APSC_DV.003215.LL-3
33:  Comment line is longer than 80 characters: 85 FORMAT.LL-3
36:  Line is longer than 80 characters: 93 APSC_DV.003215.LL-3
36:  Line is longer than 80 characters: 93 FORMAT.LL-3
36:  interface type 'List' is used MOBILE.AUI-3
36:  The '@post'/'@return' tag(s) for the method 'getTransactionsForAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
36:  "public" method without a '@post' contract: getTransactionsForAccount () DBC.PUBMPOST-3
36:  "public" method without a '@pre' contract: getTransactionsForAccount DBC.PUBMPRE-3
36:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
46:  "public" method without a '@post' contract: createTransaction () DBC.PUBMPOST-3
46:  "public" method without a '@pre' contract: createTransaction DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/dao/internal/DynamicDataInserter.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  The interface 'DynamicDataInserter' is never implemented GLOBAL.NIE-4
6:  Globally unused "public" interface: com.parasoft.parabank.dao.internal.DynamicDataInserter GLOBAL.UPPC-4
6:  Missing '@author' Javadoc tag: DynamicDataInserter JAVADOC.MAJDT-4
6:  'writeObject()' method is missing CWE.499.SER-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  'writeObject()' method is missing SECURITY.WSC.SER-5
6:  Missing '@version' Javadoc tag: DynamicDataInserter JAVADOC.MVJDT-3
8:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
11:  Method 'getDataCount' missing '@return' Javadoc tag JAVADOC.MRDC-3
11:  "public" method without a '@post' contract: getDataCount () DBC.PUBMPOST-3
11:  "public" method without a '@pre' contract: getDataCount DBC.PUBMPRE-3
13:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
16:  "public" method without a '@post' contract: insertData () DBC.PUBMPOST-3
16:  "public" method without a '@pre' contract: insertData DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/News.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.util.Util CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  Public clone method missing CERT.OBJ05.MUCOP-1
10:  Static creation method missing CERT.OBJ05.MUCOP-1
10:  Copy constructor missing CERT.OBJ05.MUCOP-1
10:  Public clone method missing CERT.OBJ06.MUCOP-2
10:  Static creation method missing CERT.OBJ06.MUCOP-2
10:  Copy constructor missing CERT.OBJ06.MUCOP-2
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Public clone method missing CERT.OBJ04.MUCOP-3
10:  Static creation method missing CERT.OBJ04.MUCOP-3
10:  Copy constructor missing CERT.OBJ04.MUCOP-3
10:  News has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
10:  getter method without an @invariant contract: getId() DBC.IGM-3
10:  getter method without an @invariant contract: getDate() DBC.IGM-3
10:  getter method without an @invariant contract: getHeadline() DBC.IGM-3
10:  getter method without an @invariant contract: getStory() DBC.IGM-3
10:  Missing Javadoc tag '@since' for class 'News' JAVADOC.ECTT-3
10:  Public clone method missing OOP.MUCOP-3
10:  Static creation method missing OOP.MUCOP-3
10:  Copy constructor missing OOP.MUCOP-3
10:  Missing '@author' Javadoc tag: News JAVADOC.MAJDT-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  Class 'com.parasoft.parabank.domain.News' should be declared "final" GLOBAL.SPPC-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  "public" class without an '@invariant' contract: News DBC.PUBC-3
10:  Missing '@version' Javadoc tag: News JAVADOC.MVJDT-3
10:  Number of Javadoc comments are below thresholds (%): 6.0 METRICS.PJDC-3
10:  'readObject()' method is missing SECURITY.WSC.DSER-5
10:  interface type 'Comparable' is used MOBILE.AUI-3
11:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
11:  Variable 'id' does not end with 'int' NAMING.UHN-4
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  No JUnit test method defined for 'News()' JUNIT.TEST-2
16:  Missing Javadoc comment for method 'News()' JAVADOC.PJDM-3
16:  Field 'date', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'story', declared on line 14, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'id', declared on line 11, is not initialized in this constructor nor in its declaration INIT.CSI-4
16:  Field 'headline', declared on line 13, is not initialized in this constructor nor in its declaration INIT.CSI-4
20:  No JUnit test method defined for 'News()' JUNIT.TEST-2
20:  Missing Javadoc comment for method 'News()' JAVADOC.PJDM-3
20:  Globally unused "public" constructor News() GLOBAL.UPPM-4
20:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'id' has the same name as a field OOP.HMF-3
20:  Variable 'id' does not end with 'int' NAMING.UHN-4
20:  Formal parameter 'date' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'date' has the same name as a field OOP.HMF-3
20:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
20:  Formal parameter 'headline' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'headline' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'headline' has the same name as a field OOP.HMF-3
20:  Formal parameter 'story' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'story' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'story' has the same name as a field OOP.HMF-3
27:  No JUnit test method defined for 'getId()' JUNIT.TEST-2
27:  Globally unused "public" method: getId() GLOBAL.UPPM-4
27:  Getter method 'getId()' is not declared "final" OPT.MAF-5
31:  Setter method 'setId()' is not declared "final" OPT.MAF-5
31:  No JUnit test method defined for 'setId()' JUNIT.TEST-2
31:  Globally unused "public" method: setId() GLOBAL.UPPM-4
31:  Formal parameter 'id' is not declared as final CODSTA.BP.FPF-3
31:  The parameter 'id' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
31:  Parameter 'id' has the same name as a field OOP.HMF-3
31:  Variable 'id' does not end with 'int' NAMING.UHN-4
35:  No JUnit test method defined for 'getDate()' JUNIT.TEST-2
35:  The method 'getDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
35:  Globally unused "public" method: getDate() GLOBAL.UPPM-4
35:  Getter method 'getDate()' is not declared "final" OPT.MAF-5
39:  Setter method 'setDate()' is not declared "final" OPT.MAF-5
39:  No JUnit test method defined for 'setDate()' JUNIT.TEST-2
39:  Globally unused "public" method: setDate() GLOBAL.UPPM-4
39:  Formal parameter 'date' is not declared as final CODSTA.BP.FPF-3
39:  The parameter 'date' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
39:  Parameter 'date' has the same name as a field OOP.HMF-3
39:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
43:  No JUnit test method defined for 'getHeadline()' JUNIT.TEST-2
43:  The method 'getHeadline' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
43:  Globally unused "public" method: getHeadline() GLOBAL.UPPM-4
43:  Getter method 'getHeadline()' is not declared "final" OPT.MAF-5
47:  Setter method 'setHeadline()' is not declared "final" OPT.MAF-5
47:  No JUnit test method defined for 'setHeadline()' JUNIT.TEST-2
47:  Globally unused "public" method: setHeadline() GLOBAL.UPPM-4
47:  Formal parameter 'headline' is not declared as final CODSTA.BP.FPF-3
47:  The parameter 'headline' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
47:  Parameter 'headline' has the same name as a field OOP.HMF-3
51:  No JUnit test method defined for 'getStory()' JUNIT.TEST-2
51:  The method 'getStory' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
51:  Globally unused "public" method: getStory() GLOBAL.UPPM-4
51:  Getter method 'getStory()' is not declared "final" OPT.MAF-5
55:  Setter method 'setStory()' is not declared "final" OPT.MAF-5
55:  No JUnit test method defined for 'setStory()' JUNIT.TEST-2
55:  Globally unused "public" method: setStory() GLOBAL.UPPM-4
55:  Formal parameter 'story' is not declared as final CODSTA.BP.FPF-3
55:  The parameter 'story' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
55:  Parameter 'story' has the same name as a field OOP.HMF-3
60:  No JUnit test method defined for 'hashCode()' JUNIT.TEST-2
60:  Missing Javadoc comment for method 'hashCode()' JAVADOC.PJDM-3
61:  Variable 'prime' does not end with 'int' NAMING.UHN-4
61:  The declaration of the local variable 'prime' is not followed by a comment CODSTA.READ.CLV-5
62:  Variable 'result' does not end with 'int' NAMING.UHN-4
62:  The declaration of the local variable 'result' is not followed by a comment CODSTA.READ.CLV-5
63:  A mutable field "id" is used in the "hashCode" method CERT.MET11.IKICO-3
63:  A mutable field "id" is used in the "hashCode" method PB.IKICO-3
71:  No JUnit test method defined for 'equals()' JUNIT.TEST-2
71:  Missing Javadoc comment for method 'equals()' JAVADOC.PJDM-3
71:  Formal parameter 'obj' is not declared as final CODSTA.BP.FPF-3
72:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
72:  Parenthesis not followed by 1 space FORMAT.SAP-3
74:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
75:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
75:  Parenthesis not followed by 1 space FORMAT.SAP-3
75:  "instanceof" operator not used on an "interface", type 'News' is not an interface OOP.INSOF-4
77:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
78:  Variable 'other' is not declared at the beginning of the block CODSTA.READ.PDBB-4
78:  The declaration of the local variable 'other' is not followed by a comment CODSTA.READ.CLV-5
78:  There is not one single space after type cast APSC_DV.003215.CMS-3
78:  There is not one single space after type cast FORMAT.CMS-3
79:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
79:  A mutable field "id" is used in the "equals" method CERT.MET11.IKICO-3
79:  Missing '()' to separate complex expression FORMAT.APAREN-3
79:  A mutable field "id" is used in the "equals" method PB.IKICO-3
80:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
80:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
81:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
81:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
82:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
82:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
86:  The method 'toString' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
86:  Missing Javadoc comment for method 'toString()' JAVADOC.PJDM-3
86:  Missing Javadoc for 'toString()' JAVADOC.TSMJT-3
86:  Missing Javadoc for 'toString()' OWASP2019.API9.TSMJT-5
87:  Concatenating strings CERT.STR00.COS-3
87:  Non internationalized string: "News [id=" INTER.ITT-3
87:  Concatenating strings INTER.COS-5
87:  The String literal "News [id=" is used SECURITY.WSC.SL-3
87:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
87:  Non internationalized string: ", date=" INTER.ITT-3
87:  The String literal ", date=" is used SECURITY.WSC.SL-3
87:  Called 'toString()' implicitly on a 'Date' object INTER.DTS-4
87:  Non internationalized string: ", headline=" INTER.ITT-3
87:  The String literal ", headline=" is used SECURITY.WSC.SL-3
88:  The String literal ", story=" is used SECURITY.WSC.SL-3
88:  Non internationalized string: ", story=" INTER.ITT-3
88:  Single character ']' using double quotes in string concatenation OPT.STR-3
88:  The String literal "]" is used SECURITY.WSC.SL-3
92:  No JUnit test method defined for 'compareTo()' JUNIT.TEST-2
92:  Missing Javadoc comment for method 'compareTo()' JAVADOC.PJDM-3
92:  Formal parameter 'o' is not declared as final CODSTA.BP.FPF-3
92:  The length of the identifier "o" is less than the minimum length (2) NAMING.LLI-4
93:  A mutable field "date" is used in the "compareTo" method CERT.MET11.IKICO-3
93:  A mutable field "date" is used in the "compareTo" method PB.IKICO-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/TransactionCriteria.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.text.DateFormat" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.text.DateFormat" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
6:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
6:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
9:  Use 1 blank line before every top-level class (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every top-level class (or corresponding Javadoc) FORMAT.U2BL-3
14:  Public clone method missing CERT.OBJ05.MUCOP-1
14:  Static creation method missing CERT.OBJ05.MUCOP-1
14:  Copy constructor missing CERT.OBJ05.MUCOP-1
14:  Public clone method missing CERT.OBJ06.MUCOP-2
14:  Static creation method missing CERT.OBJ06.MUCOP-2
14:  Copy constructor missing CERT.OBJ06.MUCOP-2
14:  'clone()' method is missing CERT.OBJ07.MCNC-2
14:  Public clone method missing CERT.OBJ04.MUCOP-3
14:  Static creation method missing CERT.OBJ04.MUCOP-3
14:  Copy constructor missing CERT.OBJ04.MUCOP-3
14:  getter method without an @invariant contract: getMonth() DBC.IGM-3
14:  getter method without an @invariant contract: getTransactionType() DBC.IGM-3
14:  getter method without an @invariant contract: getTransactionId() DBC.IGM-3
14:  getter method without an @invariant contract: getOnDate() DBC.IGM-3
14:  getter method without an @invariant contract: getFromDate() DBC.IGM-3
14:  getter method without an @invariant contract: getToDate() DBC.IGM-3
14:  getter method without an @invariant contract: getAmount() DBC.IGM-3
14:  getter method without an @invariant contract: getSearchType() DBC.IGM-3
14:  Missing Javadoc tag '@since' for class 'TransactionCriteria' JAVADOC.ECTT-3
14:  Public clone method missing OOP.MUCOP-3
14:  Static creation method missing OOP.MUCOP-3
14:  Copy constructor missing OOP.MUCOP-3
14:  Missing '@author' Javadoc tag: TransactionCriteria JAVADOC.MAJDT-4
14:  'writeObject()' method is missing CWE.499.SER-5
14:  Class 'com.parasoft.parabank.domain.TransactionCriteria' should be declared "final" GLOBAL.SPPC-5
14:  'clone()' method is missing SECURITY.WSC.MCNC-5
14:  'writeObject()' method is missing SECURITY.WSC.SER-5
14:  "class" missing a no argument constructor: TransactionCriteria CODSTA.POD.DCTOR-5
14:  "public" class without an '@invariant' contract: TransactionCriteria DBC.PUBC-3
14:  Missing '@version' Javadoc tag: TransactionCriteria JAVADOC.MVJDT-3
14:  Number of Javadoc comments are below thresholds (%): 4.0 METRICS.PJDC-3
14:  'readObject()' method is missing SECURITY.WSC.DSER-5
15:  Use 1 blank line before every member enum declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every member enum declaration (or corresponding Javadoc) FORMAT.U2BL-3
15:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
15:  Use 2 blank lines before type declaration FORMAT.BLCD-3
15:  Missing Javadoc comment for 'SearchType' JAVADOC.PJDC-3
15:  Enum 'com.parasoft.parabank.domain.TransactionCriteria.SearchType' should be declared "private" GLOBAL.DPPC-4
15:  'SearchType' is an expensive enum declaration MOBILE.ENUM-3
16:  Use 1 blank line before every enum constant declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every enum constant declaration (or corresponding Javadoc) FORMAT.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  Enum constant not directly used: ACTIVITY GLOBAL.UEC-4
16:  Enum constant not directly used: ID GLOBAL.UEC-4
16:  Enum constant not directly used: DATE GLOBAL.UEC-4
16:  Enum constant not directly used: DATE_RANGE GLOBAL.UEC-4
16:  Enum constant not directly used: AMOUNT GLOBAL.UEC-4
20:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
20:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
20:  Field 'month' is not initialized in its declaration INIT.CSI-4
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
21:  Field 'transactionType' is not initialized in its declaration INIT.CSI-4
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
24:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
24:  Field 'transactionId' is not initialized in its declaration INIT.CSI-4
27:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
27:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
27:  Field 'onDate' is not initialized in its declaration INIT.CSI-4
27:  Inspect usage of the 'Date' object 'onDate' SECURITY.BV.ADT-5
30:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
30:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
30:  Field 'fromDate' is not initialized in its declaration INIT.CSI-4
30:  Inspect usage of the 'Date' object 'fromDate' SECURITY.BV.ADT-5
31:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
31:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
31:  Field 'toDate' is not initialized in its declaration INIT.CSI-4
31:  Inspect usage of the 'Date' object 'toDate' SECURITY.BV.ADT-5
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
34:  Field 'amount' is not initialized in its declaration INIT.CSI-4
36:  Field 'searchType' is not initialized in its declaration INIT.CSI-4
38:  Line is longer than 80 characters: 96 APSC_DV.003215.LL-3
38:  Line is longer than 80 characters: 96 FORMAT.LL-3
38:  Elements in 'TransactionCriteria' not ordered appropriately, first violation: field 'DATE_FORMATTER' at line 38 should be placed before field 'month' at line 20 CODSTA.ORG.FO-3
38:  "static" "final" field 'DATE_FORMATTER' of 'ThreadLocal<DateFormat>' type is mutable CWE.582.IMM-3
38:  "static" "final" field 'DATE_FORMATTER' of 'ThreadLocal<DateFormat>' type is mutable CWE.607.IMM-3
38:  Missing Javadoc comment for 'DATE_FORMATTER' JAVADOC.PJDF-3
38:  "static" "final" field 'DATE_FORMATTER' of 'ThreadLocal<DateFormat>' type is mutable PB.CUB.IMM-3
38:  Constant 'DATE_FORMATTER' is not defined in an "interface" CODSTA.ORG.DCI-4
38:  Anonymous class: 'ThreadLocal' CODSTA.READ.AIC-3
40:  The method 'initialValue' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
41:  Instantiating 'SimpleDateFormat' object without a 'Locale' argument INTER.SDFL-3
41:  Non internationalized string: "MM-dd-yyyy" INTER.ITT-3
46:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
46:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
46:  No JUnit test method defined for 'getMonth()' JUNIT.TEST-2
46:  The method 'getMonth' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
46:  Globally unused "public" method: getMonth() GLOBAL.UPPM-4
46:  Getter method 'getMonth()' is not declared "final" OPT.MAF-5
50:  Setter method 'setMonth()' is not declared "final" OPT.MAF-5
50:  No JUnit test method defined for 'setMonth()' JUNIT.TEST-2
50:  Globally unused "public" method: setMonth() GLOBAL.UPPM-4
50:  Formal parameter 'month' is not declared as final CODSTA.BP.FPF-3
50:  The parameter 'month' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
50:  Parameter 'month' has the same name as a field OOP.HMF-3
54:  No JUnit test method defined for 'getTransactionType()' JUNIT.TEST-2
54:  The method 'getTransactionType' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
54:  Globally unused "public" method: getTransactionType() GLOBAL.UPPM-4
54:  Getter method 'getTransactionType()' is not declared "final" OPT.MAF-5
58:  Setter method 'setTransactionType()' is not declared "final" OPT.MAF-5
58:  No JUnit test method defined for 'setTransactionType()' JUNIT.TEST-2
58:  Globally unused "public" method: setTransactionType() GLOBAL.UPPM-4
58:  Formal parameter 'transactionType' is not declared as final CODSTA.BP.FPF-3
58:  The parameter 'transactionType' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
58:  Parameter 'transactionType' has the same name as a field OOP.HMF-3
62:  No JUnit test method defined for 'getTransactionId()' JUNIT.TEST-2
62:  The method 'getTransactionId' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
62:  Globally unused "public" method: getTransactionId() GLOBAL.UPPM-4
62:  Getter method 'getTransactionId()' is not declared "final" OPT.MAF-5
66:  Setter method 'setTransactionId()' is not declared "final" OPT.MAF-5
66:  No JUnit test method defined for 'setTransactionId()' JUNIT.TEST-2
66:  Globally unused "public" method: setTransactionId() GLOBAL.UPPM-4
66:  Formal parameter 'transactionId' is not declared as final CODSTA.BP.FPF-3
66:  The parameter 'transactionId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
66:  Parameter 'transactionId' has the same name as a field OOP.HMF-3
70:  No JUnit test method defined for 'getOnDate()' JUNIT.TEST-2
70:  The method 'getOnDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
70:  Globally unused "public" method: getOnDate() GLOBAL.UPPM-4
70:  Getter method 'getOnDate()' is not declared "final" OPT.MAF-5
74:  Setter method 'setOnDate()' is not declared "final" OPT.MAF-5
74:  No JUnit test method defined for 'setOnDate()' JUNIT.TEST-2
74:  Globally unused "public" method: setOnDate() GLOBAL.UPPM-4
74:  Formal parameter 'onDate' is not declared as final CODSTA.BP.FPF-3
74:  The parameter 'onDate' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
74:  Parameter 'onDate' has the same name as a field OOP.HMF-3
74:  Inspect usage of the 'Date' object 'onDate' SECURITY.BV.ADT-5
78:  No JUnit test method defined for 'getFromDate()' JUNIT.TEST-2
78:  The method 'getFromDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
78:  Globally unused "public" method: getFromDate() GLOBAL.UPPM-4
78:  Getter method 'getFromDate()' is not declared "final" OPT.MAF-5
82:  Setter method 'setFromDate()' is not declared "final" OPT.MAF-5
82:  No JUnit test method defined for 'setFromDate()' JUNIT.TEST-2
82:  Globally unused "public" method: setFromDate() GLOBAL.UPPM-4
82:  Formal parameter 'fromDate' is not declared as final CODSTA.BP.FPF-3
82:  The parameter 'fromDate' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
82:  Parameter 'fromDate' has the same name as a field OOP.HMF-3
82:  Inspect usage of the 'Date' object 'fromDate' SECURITY.BV.ADT-5
86:  No JUnit test method defined for 'getToDate()' JUNIT.TEST-2
86:  The method 'getToDate' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
86:  Globally unused "public" method: getToDate() GLOBAL.UPPM-4
86:  Getter method 'getToDate()' is not declared "final" OPT.MAF-5
90:  Setter method 'setToDate()' is not declared "final" OPT.MAF-5
90:  No JUnit test method defined for 'setToDate()' JUNIT.TEST-2
90:  Globally unused "public" method: setToDate() GLOBAL.UPPM-4
90:  Formal parameter 'toDate' is not declared as final CODSTA.BP.FPF-3
90:  The parameter 'toDate' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
90:  Parameter 'toDate' has the same name as a field OOP.HMF-3
90:  Inspect usage of the 'Date' object 'toDate' SECURITY.BV.ADT-5
94:  No JUnit test method defined for 'getAmount()' JUNIT.TEST-2
94:  The method 'getAmount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
94:  Globally unused "public" method: getAmount() GLOBAL.UPPM-4
94:  Getter method 'getAmount()' is not declared "final" OPT.MAF-5
98:  Setter method 'setAmount()' is not declared "final" OPT.MAF-5
98:  No JUnit test method defined for 'setAmount()' JUNIT.TEST-2
98:  Globally unused "public" method: setAmount() GLOBAL.UPPM-4
98:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
98:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
98:  Parameter 'amount' has the same name as a field OOP.HMF-3
102:  No JUnit test method defined for 'getSearchType()' JUNIT.TEST-2
102:  The method 'getSearchType' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
102:  Globally unused "public" method: getSearchType() GLOBAL.UPPM-4
102:  Getter method 'getSearchType()' is not declared "final" OPT.MAF-5
106:  Setter method 'setSearchType()' is not declared "final" OPT.MAF-5
106:  No JUnit test method defined for 'setSearchType()' JUNIT.TEST-2
106:  Globally unused "public" method: setSearchType() GLOBAL.UPPM-4
106:  Formal parameter 'searchType' is not declared as final CODSTA.BP.FPF-3
106:  The parameter 'searchType' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
106:  Parameter 'searchType' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/AdminParameters.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
4:  Misspelled word 'configurable' JAVADOC.SPELL-3
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  Interface 'AdminParameters' contains only fields CODSTA.POD.ACIAP-3
6:  Missing Javadoc tag '@since' for interface 'AdminParameters' JAVADOC.ECTT-3
6:  Constant declared in an "interface": 'AdminParameters' CODSTA.POD.ISACF-4
6:  Missing '@author' Javadoc tag: AdminParameters JAVADOC.MAJDT-4
6:  'writeObject()' method is missing CWE.499.SER-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  'writeObject()' method is missing SECURITY.WSC.SER-5
6:  Missing '@version' Javadoc tag: AdminParameters JAVADOC.MVJDT-3
6:  Number of Javadoc comments are below thresholds (%): 10.0 METRICS.PJDC-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
7:  Missing Javadoc comment for 'ENDPOINT' JAVADOC.PJDF-3
7:  Non internationalized string: "endpoint" INTER.ITT-3
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
8:  Missing Javadoc comment for 'SOAP_ENDPOINT' JAVADOC.PJDF-3
8:  Non internationalized string: "soap_endpoint" INTER.ITT-3
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
9:  Missing Javadoc comment for 'REST_ENDPOINT' JAVADOC.PJDF-3
9:  Non internationalized string: "rest_endpoint" INTER.ITT-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Missing Javadoc comment for 'INITIAL_BALANCE' JAVADOC.PJDF-3
10:  Non internationalized string: "initialBalance" INTER.ITT-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Missing Javadoc comment for 'MINIMUM_BALANCE' JAVADOC.PJDF-3
11:  Non internationalized string: "minimumBalance" INTER.ITT-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Missing Javadoc comment for 'LOAN_PROVIDER' JAVADOC.PJDF-3
12:  Non internationalized string: "loanProvider" INTER.ITT-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Missing Javadoc comment for 'LOAN_PROCESSOR' JAVADOC.PJDF-3
13:  Non internationalized string: "loanProcessor" INTER.ITT-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Missing Javadoc comment for 'LOAN_PROCESSOR_THRESHOLD' JAVADOC.PJDF-3
14:  Non internationalized string: "loanProcessorThreshold" INTER.ITT-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Missing Javadoc comment for 'ACCESSMODE' JAVADOC.PJDF-3
15:  Non internationalized string: "accessmode" INTER.ITT-3
15:  Misspelled word 'accessmode' JAVADOC.SPELL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/BankManager.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.util.Date" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.Account CODSTA.ORG.ORIMP-5
15:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
15:  Use 2 blank lines before type declaration FORMAT.BLCD-3
15:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
18:  'clone()' method is missing CERT.OBJ07.MCNC-2
18:  Missing Javadoc tag '@since' for interface 'BankManager' JAVADOC.ECTT-3
18:  The interface 'BankManager' is never implemented GLOBAL.NIE-4
18:  Missing '@author' Javadoc tag: BankManager JAVADOC.MAJDT-4
18:  'writeObject()' method is missing CWE.499.SER-5
18:  'clone()' method is missing SECURITY.WSC.MCNC-5
18:  'writeObject()' method is missing SECURITY.WSC.SER-5
18:  Missing '@version' Javadoc tag: BankManager JAVADOC.MVJDT-3
18:  BankManager contains too many "public" methods: 23 METRICS.NPUBM-2
26:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
26:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
26:  Variable 'id' does not end with 'int' NAMING.UHN-4
36:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
36:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
36:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
45:  "public" method without a '@post' contract: getCustomer () DBC.PUBMPOST-3
45:  "public" method without a '@pre' contract: getCustomer DBC.PUBMPRE-3
45:  The '@post'/'@return' tag(s) for the method 'getCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
55:  "public" method without a '@post' contract: createCustomer () DBC.PUBMPOST-3
55:  "public" method without a '@pre' contract: createCustomer DBC.PUBMPRE-3
62:  "public" method without a '@post' contract: updateCustomer () DBC.PUBMPOST-3
62:  "public" method without a '@pre' contract: updateCustomer DBC.PUBMPRE-3
77:  Line is longer than 80 characters: 128 APSC_DV.003215.LL-3
77:  Line is longer than 80 characters: 128 FORMAT.LL-3
77:  interface type 'List' is used MOBILE.AUI-3
77:  The '@post'/'@return' tag(s) for the method 'buyPosition' do not properly describe whether or not the method can return null JAVADOC.CRN-3
77:  "public" method without a '@post' contract: buyPosition () DBC.PUBMPOST-3
77:  "public" method without a '@pre' contract: buyPosition DBC.PUBMPRE-3
77:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
77:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
77:  Variable 'shares' does not end with 'int' NAMING.UHN-4
89:  Line is longer than 80 characters: 117 APSC_DV.003215.LL-3
89:  Line is longer than 80 characters: 117 FORMAT.LL-3
89:  interface type 'List' is used MOBILE.AUI-3
89:  The '@post'/'@return' tag(s) for the method 'sellPosition' do not properly describe whether or not the method can return null JAVADOC.CRN-3
89:  "public" method without a '@post' contract: sellPosition () DBC.PUBMPOST-3
89:  "public" method without a '@pre' contract: sellPosition DBC.PUBMPRE-3
89:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
89:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
89:  Variable 'positionId' does not end with 'int' NAMING.UHN-4
89:  Variable 'shares' does not end with 'int' NAMING.UHN-4
97:  interface type 'List' is used MOBILE.AUI-3
97:  The '@post'/'@return' tag(s) for the method 'getPositionsForCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
97:  "public" method without a '@post' contract: getPositionsForCustomer () DBC.PUBMPOST-3
97:  "public" method without a '@pre' contract: getPositionsForCustomer DBC.PUBMPRE-3
105:  "public" method without a '@post' contract: getPosition () DBC.PUBMPOST-3
105:  "public" method without a '@pre' contract: getPosition DBC.PUBMPRE-3
105:  The '@post'/'@return' tag(s) for the method 'getPosition' do not properly describe whether or not the method can return null JAVADOC.CRN-3
105:  Variable 'positionId' does not end with 'int' NAMING.UHN-4
116:  Line is longer than 80 characters: 88 APSC_DV.003215.LL-3
116:  Line is longer than 80 characters: 88 FORMAT.LL-3
116:  interface type 'List' is used MOBILE.AUI-3
116:  The '@post'/'@return' tag(s) for the method 'getPositionHistory' do not properly describe whether or not the method can return null JAVADOC.CRN-3
116:  "public" method without a '@post' contract: getPositionHistory () DBC.PUBMPOST-3
116:  "public" method without a '@pre' contract: getPositionHistory DBC.PUBMPRE-3
116:  Variable 'positionId' does not end with 'int' NAMING.UHN-4
116:  Inspect usage of the 'Date' object 'startDate' SECURITY.BV.ADT-5
116:  Inspect usage of the 'Date' object 'endDate' SECURITY.BV.ADT-5
128:  Line is longer than 80 characters: 110 APSC_DV.003215.LL-3
128:  Line is longer than 80 characters: 110 FORMAT.LL-3
128:  The '@post'/'@return' tag(s) for the method 'createPosition' do not properly describe whether or not the method can return null JAVADOC.CRN-3
128:  "public" method without a '@post' contract: createPosition () DBC.PUBMPOST-3
128:  "public" method without a '@pre' contract: createPosition DBC.PUBMPRE-3
128:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
128:  Variable 'shares' does not end with 'int' NAMING.UHN-4
136:  "public" method without a '@post' contract: updatePosition () DBC.PUBMPOST-3
136:  "public" method without a '@pre' contract: updatePosition DBC.PUBMPRE-3
144:  "public" method without a '@post' contract: deletePosition () DBC.PUBMPOST-3
144:  "public" method without a '@pre' contract: deletePosition DBC.PUBMPRE-3
152:  "public" method without a '@post' contract: getAccount () DBC.PUBMPOST-3
152:  "public" method without a '@pre' contract: getAccount DBC.PUBMPRE-3
152:  The '@post'/'@return' tag(s) for the method 'getAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
152:  Variable 'id' does not end with 'int' NAMING.UHN-4
160:  interface type 'List' is used MOBILE.AUI-3
160:  The '@post'/'@return' tag(s) for the method 'getAccountsForCustomer' do not properly describe whether or not the method can return null JAVADOC.CRN-3
160:  "public" method without a '@post' contract: getAccountsForCustomer () DBC.PUBMPOST-3
160:  "public" method without a '@pre' contract: getAccountsForCustomer DBC.PUBMPRE-3
171:  "public" method without a '@post' contract: createAccount () DBC.PUBMPOST-3
171:  "public" method without a '@pre' contract: createAccount DBC.PUBMPRE-3
171:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
179:  The '@post'/'@return' tag(s) for the method 'getTransaction' do not properly describe whether or not the method can return null JAVADOC.CRN-3
179:  "public" method without a '@post' contract: getTransaction () DBC.PUBMPOST-3
179:  "public" method without a '@pre' contract: getTransaction DBC.PUBMPRE-3
179:  Variable 'id' does not end with 'int' NAMING.UHN-4
184:  '@param accountId' doesn't match any parameter in 'getTransactionsForAccount' JAVADOC.DPMT-3
184:  '@param accountId' doesn't match any parameter in 'getTransactionsForAccount' OWASP2019.API9.DPMT-3
187:  interface type 'List' is used MOBILE.AUI-3
187:  The '@post'/'@return' tag(s) for the method 'getTransactionsForAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
187:  Method 'getTransactionsForAccount' is missing '@param account' in Javadoc comment JAVADOC.PARAM-3
187:  "public" method without a '@post' contract: getTransactionsForAccount () DBC.PUBMPOST-3
187:  "public" method without a '@pre' contract: getTransactionsForAccount DBC.PUBMPRE-3
193:  Comment line is longer than 80 characters: 85 APSC_DV.003215.LL-3
193:  Comment line is longer than 80 characters: 85 FORMAT.LL-3
196:  Line is longer than 80 characters: 93 APSC_DV.003215.LL-3
196:  Line is longer than 80 characters: 93 FORMAT.LL-3
196:  interface type 'List' is used MOBILE.AUI-3
196:  The '@post'/'@return' tag(s) for the method 'getTransactionsForAccount' do not properly describe whether or not the method can return null JAVADOC.CRN-3
196:  "public" method without a '@post' contract: getTransactionsForAccount () DBC.PUBMPOST-3
196:  "public" method without a '@pre' contract: getTransactionsForAccount DBC.PUBMPRE-3
196:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
205:  "public" method without a '@post' contract: transfer () DBC.PUBMPOST-3
205:  "public" method without a '@pre' contract: transfer DBC.PUBMPRE-3
205:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
205:  Variable 'toAccountId' does not end with 'int' NAMING.UHN-4
214:  The method 'deposit' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
214:  Method 'deposit' missing '@return' Javadoc tag JAVADOC.MRDC-3
214:  "public" method without a '@post' contract: deposit () DBC.PUBMPOST-3
214:  "public" method without a '@pre' contract: deposit DBC.PUBMPRE-3
214:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
223:  "public" method without a '@post' contract: withdraw () DBC.PUBMPOST-3
223:  "public" method without a '@pre' contract: withdraw DBC.PUBMPRE-3
223:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
234:  The '@post'/'@return' tag(s) for the method 'requestLoan' do not properly describe whether or not the method can return null JAVADOC.CRN-3
234:  "public" method without a '@post' contract: requestLoan () DBC.PUBMPOST-3
234:  "public" method without a '@pre' contract: requestLoan DBC.PUBMPRE-3
234:  Variable 'customerId' does not end with 'int' NAMING.UHN-4
235:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
235:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
235:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/LoanProvider.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
6:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
6:  Use 2 blank lines before type declaration FORMAT.BLCD-3
6:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
9:  'clone()' method is missing CERT.OBJ07.MCNC-2
9:  Missing Javadoc tag '@since' for interface 'LoanProvider' JAVADOC.ECTT-3
9:  Missing '@author' Javadoc tag: LoanProvider JAVADOC.MAJDT-4
9:  'writeObject()' method is missing CWE.499.SER-5
9:  'clone()' method is missing SECURITY.WSC.MCNC-5
9:  'writeObject()' method is missing SECURITY.WSC.SER-5
9:  Missing '@version' Javadoc tag: LoanProvider JAVADOC.MVJDT-3
16:  "public" method without a '@post' contract: requestLoan () DBC.PUBMPOST-3
16:  "public" method without a '@pre' contract: requestLoan DBC.PUBMPRE-3
16:  The '@post'/'@return' tag(s) for the method 'requestLoan' do not properly describe whether or not the method can return null JAVADOC.CRN-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/NewsManager.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
7:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.News CODSTA.ORG.ORIMP-5
9:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
9:  Use 2 blank lines before type declaration FORMAT.BLCD-3
9:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  'clone()' method is missing CERT.OBJ07.MCNC-2
12:  Missing Javadoc tag '@since' for interface 'NewsManager' JAVADOC.ECTT-3
12:  Missing '@author' Javadoc tag: NewsManager JAVADOC.MAJDT-4
12:  'writeObject()' method is missing CWE.499.SER-5
12:  'clone()' method is missing SECURITY.WSC.MCNC-5
12:  'writeObject()' method is missing SECURITY.WSC.SER-5
12:  Missing '@version' Javadoc tag: NewsManager JAVADOC.MVJDT-3
19:  interface type 'Map' is used MOBILE.AUI-3
19:  interface type 'List' is used MOBILE.AUI-3
19:  The '@post'/'@return' tag(s) for the method 'getLatestNews' do not properly describe whether or not the method can return null JAVADOC.CRN-3
19:  "public" method without a '@post' contract: getLatestNews () DBC.PUBMPOST-3
19:  "public" method without a '@pre' contract: getLatestNews DBC.PUBMPRE-3
26:  interface type 'Map' is used MOBILE.AUI-3
26:  interface type 'List' is used MOBILE.AUI-3
26:  The '@post'/'@return' tag(s) for the method 'getNews' do not properly describe whether or not the method can return null JAVADOC.CRN-3
26:  "public" method without a '@post' contract: getNews () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: getNews DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/AbstractLoanProcessor.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import com.parasoft.parabank.domain.logic.AdminManager" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
5:  "import com.parasoft.parabank.domain.logic.AdminManager" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  "import com.parasoft.parabank.domain.util.LoanResponseBuilder" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
7:  "import com.parasoft.parabank.domain.util.LoanResponseBuilder" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
9:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
9:  Use 2 blank lines before type declaration FORMAT.BLCD-3
9:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
12:  Public clone method missing CERT.OBJ05.MUCOP-1
12:  Static creation method missing CERT.OBJ05.MUCOP-1
12:  Copy constructor missing CERT.OBJ05.MUCOP-1
12:  Public clone method missing CERT.OBJ06.MUCOP-2
12:  Static creation method missing CERT.OBJ06.MUCOP-2
12:  Copy constructor missing CERT.OBJ06.MUCOP-2
12:  'clone()' method is missing CERT.OBJ07.MCNC-2
12:  Public clone method missing CERT.OBJ04.MUCOP-3
12:  Static creation method missing CERT.OBJ04.MUCOP-3
12:  Copy constructor missing CERT.OBJ04.MUCOP-3
12:  Missing Javadoc tag '@since' for class 'AbstractLoanProcessor' JAVADOC.ECTT-3
12:  Public clone method missing OOP.MUCOP-3
12:  Static creation method missing OOP.MUCOP-3
12:  Copy constructor missing OOP.MUCOP-3
12:  Class 'com.parasoft.parabank.domain.logic.impl.AbstractLoanProcessor' should be declared "package-private" GLOBAL.DPPC-4
12:  Missing '@author' Javadoc tag: AbstractLoanProcessor JAVADOC.MAJDT-4
12:  'writeObject()' method is missing CWE.499.SER-5
12:  'clone()' method is missing SECURITY.WSC.MCNC-5
12:  'writeObject()' method is missing SECURITY.WSC.SER-5
12:  "public" class without an '@invariant' contract: AbstractLoanProcessor DBC.PUBC-3
12:  Missing '@version' Javadoc tag: AbstractLoanProcessor JAVADOC.MVJDT-3
12:  Number of Javadoc comments are below thresholds (%): 15.0 METRICS.PJDC-3
12:  'readObject()' method is missing SECURITY.WSC.DSER-5
12:  interface type 'LoanProvider' is used MOBILE.AUI-3
13:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
13:  interface type 'AdminManager' is used MOBILE.AUI-3
13:  Missing 'getAdminManager()' method for field 'adminManager' BEAN.NFM-4
15:  No JUnit test method defined for 'setAdminManager()' JUNIT.TEST-2
15:  Globally unused "public" method: setAdminManager() GLOBAL.UPPM-4
15:  Setter method 'setAdminManager()' is not declared "final" OPT.MAF-5
15:  interface type 'AdminManager' is used MOBILE.AUI-3
15:  Formal parameter 'adminManager' is not declared as final CODSTA.BP.FPF-3
15:  The parameter 'adminManager' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
15:  Parameter 'adminManager' has the same name as a field OOP.HMF-3
20:  No JUnit test method defined for 'requestLoan()' JUNIT.TEST-2
20:  Elements in 'AbstractLoanProcessor' not ordered appropriately, first violation: method 'requestLoan' at line 19 should be placed before method 'setAdminManager' at line 15 CODSTA.ORG.FO-3
20:  The method 'requestLoan' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
20:  Missing Javadoc comment for method 'requestLoan()' JAVADOC.PJDM-3
20:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
21:  The declaration of the local variable 'builder' is not followed by a comment CODSTA.READ.CLV-5
21:  The return value of 'accountId()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
22:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
25:  Line is longer than 80 characters: 90 APSC_DV.003215.LL-3
25:  Line is longer than 80 characters: 90 FORMAT.LL-3
25:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
25:  Parenthesis not followed by 1 space FORMAT.SAP-3
27:  Non internationalized string: "error.insufficient.funds.for.down.payment" INTER.ITT-3
27:  The String literal "error.insufficient.funds.for.down.payment" is used SECURITY.WSC.SL-3
29:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
31:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
31:  Parenthesis not followed by 1 space FORMAT.SAP-3
34:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
39:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
41:  The method 'getErrorMessage' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
44:  The declaration of the local variable 'threshold' is not followed by a comment CODSTA.READ.CLV-5
44:  Non internationalized string: "loanProcessorThreshold" INTER.ITT-3
44:  The String literal "loanProcessorThreshold" is used SECURITY.WSC.SL-3
45:  Potentially expensive float operation committed MOBILE.FLOATER-3
45:  Called the 'parseInt()' method of class 'Integer' INTER.PN-4
45:  The method 'parseInt()' may throw a "NumberFormatException" that is neither caught nor declared to be thrown EXCEPT.NFE-3
45:  Literal constant is used: 100.0 CODSTA.READ.USN-2
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/AvailableFundsLoanProcessor.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanRequest CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Missing Javadoc tag '@since' for class 'AvailableFundsLoanProcessor' JAVADOC.ECTT-3
10:  Globally unused "public" class: com.parasoft.parabank.domain.logic.impl.AvailableFundsLoanProcessor GLOBAL.UPPC-4
10:  Missing '@author' Javadoc tag: AvailableFundsLoanProcessor JAVADOC.MAJDT-4
10:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  "class" missing a no argument constructor: AvailableFundsLoanProcessor CODSTA.POD.DCTOR-5
10:  "public" class without an '@invariant' contract: AvailableFundsLoanProcessor DBC.PUBC-3
10:  Missing '@version' Javadoc tag: AvailableFundsLoanProcessor JAVADOC.MVJDT-3
10:  'readObject()' method is missing SECURITY.WSC.DSER-5
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  No JUnit test method defined for 'getQualifier()' JUNIT.TEST-2
12:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
14:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
14:  Line is longer than 80 characters: 84 FORMAT.LL-3
14:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
14:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
18:  No JUnit test method defined for 'getErrorMessage()' JUNIT.TEST-2
18:  The method 'getErrorMessage' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
19:  Non internationalized string: "error.insufficient.funds" INTER.ITT-3
19:  The String literal "error.insufficient.funds" is used SECURITY.WSC.SL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/CombinedLoanProcessor.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanRequest CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Missing Javadoc tag '@since' for class 'CombinedLoanProcessor' JAVADOC.ECTT-3
10:  Globally unused "public" class: com.parasoft.parabank.domain.logic.impl.CombinedLoanProcessor GLOBAL.UPPC-4
10:  Missing '@author' Javadoc tag: CombinedLoanProcessor JAVADOC.MAJDT-4
10:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  "class" missing a no argument constructor: CombinedLoanProcessor CODSTA.POD.DCTOR-5
10:  "public" class without an '@invariant' contract: CombinedLoanProcessor DBC.PUBC-3
10:  Missing '@version' Javadoc tag: CombinedLoanProcessor JAVADOC.MVJDT-3
10:  'readObject()' method is missing SECURITY.WSC.DSER-5
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  No JUnit test method defined for 'getQualifier()' JUNIT.TEST-2
12:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
14:  Line is longer than 80 characters: 85 APSC_DV.003215.LL-3
14:  Line is longer than 80 characters: 85 FORMAT.LL-3
14:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
14:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
18:  No JUnit test method defined for 'getErrorMessage()' JUNIT.TEST-2
18:  The method 'getErrorMessage' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
19:  Non internationalized string: "error.insufficient.funds.and.down.payment" INTER.ITT-3
19:  The String literal "error.insufficient.funds.and.down.payment" is used SECURITY.WSC.SL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/DownPaymentLoanProcessor.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanRequest CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Missing Javadoc tag '@since' for class 'DownPaymentLoanProcessor' JAVADOC.ECTT-3
10:  Globally unused "public" class: com.parasoft.parabank.domain.logic.impl.DownPaymentLoanProcessor GLOBAL.UPPC-4
10:  Missing '@author' Javadoc tag: DownPaymentLoanProcessor JAVADOC.MAJDT-4
10:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  "class" missing a no argument constructor: DownPaymentLoanProcessor CODSTA.POD.DCTOR-5
10:  "public" class without an '@invariant' contract: DownPaymentLoanProcessor DBC.PUBC-3
10:  Missing '@version' Javadoc tag: DownPaymentLoanProcessor JAVADOC.MVJDT-3
10:  'readObject()' method is missing SECURITY.WSC.DSER-5
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  No JUnit test method defined for 'getQualifier()' JUNIT.TEST-2
12:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
14:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
14:  Line is longer than 80 characters: 84 FORMAT.LL-3
14:  Indentation should be 12 (or 20) spaces APSC_DV.003215.IND-3
14:  Indentation should be 12 (or 20) spaces FORMAT.IND-3
18:  No JUnit test method defined for 'getErrorMessage()' JUNIT.TEST-2
18:  The method 'getErrorMessage' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
19:  Non internationalized string: "error.insufficient.down.payment" INTER.ITT-3
19:  The String literal "error.insufficient.down.payment" is used SECURITY.WSC.SL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/NewsManagerImpl.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
7:  "import" not presented in alphabetical order: com.parasoft.parabank.dao.NewsDao CODSTA.ORG.ORIMP-5
8:  "import com.parasoft.parabank.domain.News" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
8:  "import com.parasoft.parabank.domain.News" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
9:  "import com.parasoft.parabank.domain.logic.NewsManager" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
9:  "import com.parasoft.parabank.domain.logic.NewsManager" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
10:  "import com.parasoft.parabank.domain.util.NewsUtil" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
10:  "import com.parasoft.parabank.domain.util.NewsUtil" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
12:  The file header should be placed before the "package" statement CODSTA.ORG.ORCU-3
15:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
15:  Use 1 blank line before every top-level class (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 2 blank lines before type declaration FORMAT.BLCD-3
15:  Use 1 blank line before every top-level class (or corresponding Javadoc) FORMAT.U2BL-3
15:  'clone()' method is missing CERT.OBJ07.MCNC-2
15:  Missing Javadoc comment for 'NewsManagerImpl' JAVADOC.PJDC-3
15:  Globally unused "public" class: com.parasoft.parabank.domain.logic.impl.NewsManagerImpl GLOBAL.UPPC-4
15:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
15:  'writeObject()' method is missing CWE.499.SER-5
15:  'clone()' method is missing SECURITY.WSC.MCNC-5
15:  'writeObject()' method is missing SECURITY.WSC.SER-5
15:  "class" missing a no argument constructor: NewsManagerImpl CODSTA.POD.DCTOR-5
15:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
15:  'readObject()' method is missing SECURITY.WSC.DSER-5
15:  interface type 'NewsManager' is used MOBILE.AUI-3
17:  interface type 'NewsDao' is used MOBILE.AUI-3
19:  No JUnit test method defined for 'NewsManagerImpl()' JUNIT.TEST-2
19:  'public' constructor declared CODSTA.BP.CMUTA-3
19:  Missing Javadoc comment for method 'NewsManagerImpl()' JAVADOC.PJDM-3
19:  Globally unused "public" constructor NewsManagerImpl() GLOBAL.UPPM-4
19:  Flag not present SECURITY.WSC.INIVF-4
19:  interface type 'NewsDao' is used MOBILE.AUI-3
19:  The parameter 'newsDao' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
19:  Parameter 'newsDao' has the same name as a field OOP.HMF-3
28:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
28:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
29:  interface type 'Map' is used MOBILE.AUI-3
29:  interface type 'List' is used MOBILE.AUI-3
29:  No JUnit test method defined for 'getLatestNews()' JUNIT.TEST-2
29:  The method 'getLatestNews' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
29:  Missing Javadoc comment for method 'getLatestNews()' JAVADOC.PJDM-3
30:  The declaration of the local variable 'date' is not followed by a comment CODSTA.READ.CLV-5
30:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
39:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
39:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
40:  interface type 'Map' is used MOBILE.AUI-3
40:  interface type 'List' is used MOBILE.AUI-3
40:  No JUnit test method defined for 'getNews()' JUNIT.TEST-2
40:  The method 'getNews' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
40:  Missing Javadoc comment for method 'getNews()' JAVADOC.PJDM-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/util/LoanRequestFactory.java
9:  Use 0 blank lines before the package statements APSC_DV.003215.U2BL-3
9:  Use 0 blank lines before the package statements FORMAT.U2BL-3
13:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanRequest CODSTA.ORG.ORIMP-5
15:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
15:  Use 2 blank lines before type declaration FORMAT.BLCD-3
15:  'clone()' method is missing CERT.OBJ07.MCNC-2
15:  Utility class 'LoanRequestFactory' does not have a "private" constructor GLOBAL.UCC-2
15:  Missing Javadoc comment for 'LoanRequestFactory' JAVADOC.PJDC-3
15:  Name of utility class 'LoanRequestFactory' does not match user-specified regular expression '(Util$)|(Utility$)|(Utilities$)' NAMING.UTIL-3
15:  Globally unused "public" class: com.parasoft.parabank.domain.util.LoanRequestFactory GLOBAL.UPPC-4
15:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
15:  'writeObject()' method is missing CWE.499.SER-5
15:  'clone()' method is missing SECURITY.WSC.MCNC-5
15:  'writeObject()' method is missing SECURITY.WSC.SER-5
15:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
15:  'readObject()' method is missing SECURITY.WSC.DSER-5
16:  Opening brace '{' is not on the same line as the type declaration APSC_DV.003215.FCB-3
16:  Opening brace '{' is not on the same line as the type declaration FORMAT.FCB-3
17:  Line is longer than 80 characters: 98 APSC_DV.003215.LL-3
17:  Use 1 blank line before every method declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
17:  Line is longer than 80 characters: 98 FORMAT.LL-3
17:  Use 1 blank line before every method declaration (or corresponding Javadoc) FORMAT.U2BL-3
17:  No JUnit test method defined for 'create()' JUNIT.TEST-2
17:  The method 'create' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
17:  Missing Javadoc comment for method 'create()' JAVADOC.PJDM-3
17:  Method 'create' could use a return parameter instead of returning a new 'LoanRequest' object MOBILE.J2ME.EURP-3
17:  Globally unused "public" method: create() GLOBAL.UPPM-4
17:  Formal parameter 'availableFunds' is not declared as final CODSTA.BP.FPF-3
17:  Variable 'availableFunds' does not end with 'double' NAMING.UHN-4
17:  Formal parameter 'downPayment' is not declared as final CODSTA.BP.FPF-3
17:  Variable 'downPayment' does not end with 'double' NAMING.UHN-4
17:  Formal parameter 'loanAmount' is not declared as final CODSTA.BP.FPF-3
17:  Variable 'loanAmount' does not end with 'double' NAMING.UHN-4
18:  Opening brace '{' is not on the same line as the method declaration APSC_DV.003215.FCB-3
18:  Opening brace '{' is not on the same line as the method declaration FORMAT.FCB-3
19:  The declaration of the local variable 'request' is not followed by a comment CODSTA.READ.CLV-5
20:  The 'BigDecimal' constructor is called with a floating point value as an argument PB.NUM.BBDCC-2
20:  The 'BigDecimal' constructor is called with a floating point value as an argument CERT.NUM10.BBDCC-3
21:  The 'BigDecimal' constructor is called with a floating point value as an argument PB.NUM.BBDCC-2
21:  The 'BigDecimal' constructor is called with a floating point value as an argument CERT.NUM10.BBDCC-3
22:  The 'BigDecimal' constructor is called with a floating point value as an argument PB.NUM.BBDCC-2
22:  The 'BigDecimal' constructor is called with a floating point value as an argument CERT.NUM10.BBDCC-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/util/LoanResponseBuilder.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanResponse CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Public clone method missing CERT.OBJ05.MUCOP-1
7:  Static creation method missing CERT.OBJ05.MUCOP-1
7:  Copy constructor missing CERT.OBJ05.MUCOP-1
7:  Public clone method missing CERT.OBJ06.MUCOP-2
7:  Static creation method missing CERT.OBJ06.MUCOP-2
7:  Copy constructor missing CERT.OBJ06.MUCOP-2
7:  'clone()' method is missing CERT.OBJ07.MCNC-2
7:  Public clone method missing CERT.OBJ04.MUCOP-3
7:  Static creation method missing CERT.OBJ04.MUCOP-3
7:  Copy constructor missing CERT.OBJ04.MUCOP-3
7:  Missing Javadoc comment for 'LoanResponseBuilder' JAVADOC.PJDC-3
7:  Public clone method missing OOP.MUCOP-3
7:  Static creation method missing OOP.MUCOP-3
7:  Copy constructor missing OOP.MUCOP-3
7:  'writeObject()' method is missing CWE.499.SER-5
7:  Class 'com.parasoft.parabank.domain.util.LoanResponseBuilder' should be declared "final" GLOBAL.SPPC-5
7:  'clone()' method is missing SECURITY.WSC.MCNC-5
7:  'writeObject()' method is missing SECURITY.WSC.SER-5
7:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
7:  'readObject()' method is missing SECURITY.WSC.DSER-5
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  Missing 'getResponseDate()' method for field 'responseDate' BEAN.NFM-4
8:  Missing 'setResponseDate()' method for field 'responseDate' BEAN.NFM-4
8:  Inspect usage of the 'Date' object 'responseDate' SECURITY.BV.ADT-5
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
9:  Missing 'getLoanProviderName()' method for field 'loanProviderName' BEAN.NFM-4
9:  Missing 'setLoanProviderName()' method for field 'loanProviderName' BEAN.NFM-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Missing 'isApproved()' method for field 'approved' BEAN.NFM-4
10:  Missing 'setApproved()' method for field 'approved' BEAN.NFM-4
10:  Variable 'approved' does not end with 'boolean' NAMING.UHN-4
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Missing 'getMessage()' method for field 'message' BEAN.NFM-4
11:  Missing 'setMessage()' method for field 'message' BEAN.NFM-4
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Missing 'getAccountId()' method for field 'accountId' BEAN.NFM-4
12:  Missing 'setAccountId()' method for field 'accountId' BEAN.NFM-4
14:  No JUnit test method defined for 'LoanResponseBuilder()' JUNIT.TEST-2
14:  Missing Javadoc comment for method 'LoanResponseBuilder()' JAVADOC.PJDM-3
14:  Field 'approved', declared on line 10, is not initialized in this constructor nor in its declaration INIT.CSI-4
14:  Field 'accountId', declared on line 12, is not initialized in this constructor nor in its declaration INIT.CSI-4
14:  Field 'loanProviderName', declared on line 9, is not initialized in this constructor nor in its declaration INIT.CSI-4
14:  Field 'message', declared on line 11, is not initialized in this constructor nor in its declaration INIT.CSI-4
15:  Opening brace '{' is not on the same line as the constructor declaration APSC_DV.003215.FCB-3
15:  Opening brace '{' is not on the same line as the constructor declaration FORMAT.FCB-3
19:  No JUnit test method defined for 'date()' JUNIT.TEST-2
19:  The method 'date' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
19:  Missing Javadoc comment for method 'date()' JAVADOC.PJDM-3
19:  Globally unused "public" method: date() GLOBAL.UPPM-4
19:  Method 'date' returns a value, but 'responseDate' changes state on line: '20' OOP.CQS-4
19:  Formal parameter 'date' is not declared as final CODSTA.BP.FPF-3
19:  Inspect usage of the 'Date' object 'date' SECURITY.BV.ADT-5
20:  This assignment may store the original parameter 'date' rather than a copy of the parameter into the field 'responseDate' CERT.OBJ05.SMO-1
20:  This assignment may store the original parameter 'date' rather than a copy of the parameter into the field 'responseDate' CERT.OBJ06.SMO-2
20:  This assignment may store the original parameter 'date' rather than a copy of the parameter into the field 'responseDate' CERT.OBJ04.SMO-3
20:  This assignment may store the original parameter 'date' rather than a copy of the parameter into the field 'responseDate' SECURITY.EAB.SMO-3
24:  No JUnit test method defined for 'providerName()' JUNIT.TEST-2
24:  The method 'providerName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Missing Javadoc comment for method 'providerName()' JAVADOC.PJDM-3
24:  Globally unused "public" method: providerName() GLOBAL.UPPM-4
24:  Method 'providerName' returns a value, but 'loanProviderName' changes state on line: '25' OOP.CQS-4
24:  Formal parameter 'name' is not declared as final CODSTA.BP.FPF-3
29:  No JUnit test method defined for 'message()' JUNIT.TEST-2
29:  The method 'message' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
29:  Missing Javadoc comment for method 'message()' JAVADOC.PJDM-3
29:  Method 'message' returns a value, but 'message' changes state on line: '30' OOP.CQS-4
29:  Method 'message()' should be declared "final" GLOBAL.SPPM-5
29:  Formal parameter 'message' is not declared as final CODSTA.BP.FPF-3
29:  The parameter 'message' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
29:  Parameter 'message' has the same name as a field OOP.HMF-3
34:  No JUnit test method defined for 'accountId()' JUNIT.TEST-2
34:  The method 'accountId' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
34:  Missing Javadoc comment for method 'accountId()' JAVADOC.PJDM-3
34:  Method 'accountId' returns a value, but 'accountId' changes state on line: '35' OOP.CQS-4
34:  Method 'accountId()' should be declared "final" GLOBAL.SPPM-5
34:  Formal parameter 'accountId' is not declared as final CODSTA.BP.FPF-3
34:  The parameter 'accountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
34:  Parameter 'accountId' has the same name as a field OOP.HMF-3
39:  No JUnit test method defined for 'approved()' JUNIT.TEST-2
39:  The method 'approved' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
39:  Missing Javadoc comment for method 'approved()' JAVADOC.PJDM-3
39:  Method 'approved' returns a value, but 'approved' changes state on line: '40' OOP.CQS-4
39:  Method 'approved()' should be declared "final" GLOBAL.SPPM-5
39:  Formal parameter 'approved' is not declared as final CODSTA.BP.FPF-3
39:  The parameter 'approved' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
39:  Parameter 'approved' has the same name as a field OOP.HMF-3
39:  Variable 'approved' does not end with 'boolean' NAMING.UHN-4
44:  No JUnit test method defined for 'build()' JUNIT.TEST-2
44:  The method 'build' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
44:  Missing Javadoc comment for method 'build()' JAVADOC.PJDM-3
44:  Method 'build' could use a return parameter instead of returning a new 'LoanResponse' object MOBILE.J2ME.EURP-3
44:  Method 'build()' should be declared "final" GLOBAL.SPPM-5
45:  The declaration of the local variable 'response' is not followed by a comment CODSTA.READ.CLV-5
46:  Parenthesis not followed by 1 space APSC_DV.003215.SAP-3
46:  Parenthesis not followed by 1 space FORMAT.SAP-3
48:  This close brace does not have an end-of-line comment to indicate which statement it goes with CODSTA.READ.CCB-3
 +  50:  "this.loanProviderName" is used prior to explicit initialization BD.PB.NOTEXPLINIT-1
 +  50:  "this.loanProviderName" is used prior to explicit initialization CWE.457.NOTEXPLINIT-1
 +  51:  "this.message" is used prior to explicit initialization BD.PB.NOTEXPLINIT-1
 +  51:  "this.message" is used prior to explicit initialization CWE.457.NOTEXPLINIT-1
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/messaging/LocalLoanProvider.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import com.parasoft.parabank.domain.logic.LoanProvider" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
5:  "import com.parasoft.parabank.domain.logic.LoanProvider" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
11:  Public clone method missing CERT.OBJ05.MUCOP-1
11:  Static creation method missing CERT.OBJ05.MUCOP-1
11:  Copy constructor missing CERT.OBJ05.MUCOP-1
11:  Public clone method missing CERT.OBJ06.MUCOP-2
11:  Static creation method missing CERT.OBJ06.MUCOP-2
11:  Copy constructor missing CERT.OBJ06.MUCOP-2
11:  'clone()' method is missing CERT.OBJ07.MCNC-2
11:  Public clone method missing CERT.OBJ04.MUCOP-3
11:  Static creation method missing CERT.OBJ04.MUCOP-3
11:  Copy constructor missing CERT.OBJ04.MUCOP-3
11:  Missing Javadoc tag '@since' for class 'LocalLoanProvider' JAVADOC.ECTT-3
11:  Public clone method missing OOP.MUCOP-3
11:  Static creation method missing OOP.MUCOP-3
11:  Copy constructor missing OOP.MUCOP-3
11:  Globally unused "public" class: com.parasoft.parabank.messaging.LocalLoanProvider GLOBAL.UPPC-4
11:  Missing '@author' Javadoc tag: LocalLoanProvider JAVADOC.MAJDT-4
11:  'writeObject()' method is missing CWE.499.SER-5
11:  'clone()' method is missing SECURITY.WSC.MCNC-5
11:  'writeObject()' method is missing SECURITY.WSC.SER-5
11:  "class" missing a no argument constructor: LocalLoanProvider CODSTA.POD.DCTOR-5
11:  "public" class without an '@invariant' contract: LocalLoanProvider DBC.PUBC-3
11:  Missing '@version' Javadoc tag: LocalLoanProvider JAVADOC.MVJDT-3
11:  Number of Javadoc comments are below thresholds (%): 17.0 METRICS.PJDC-3
11:  'readObject()' method is missing SECURITY.WSC.DSER-5
11:  interface type 'LoanProvider' is used MOBILE.AUI-3
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
12:  interface type 'LoanProvider' is used MOBILE.AUI-3
12:  Missing 'getLoanProcessor()' method for field 'loanProcessor' BEAN.NFM-4
12:  Field 'loanProcessor' is not initialized in its declaration INIT.CSI-4
13:  Line is longer than 80 characters: 133 APSC_DV.003215.LL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Line is longer than 80 characters: 133 FORMAT.LL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Missing 'getLoanProviderName()' method for field 'loanProviderName' BEAN.NFM-4
13:  Field 'loanProviderName' is not initialized in its declaration INIT.CSI-4
15:  No JUnit test method defined for 'setLoanProcessor()' JUNIT.TEST-2
15:  Globally unused "public" method: setLoanProcessor() GLOBAL.UPPM-4
15:  Setter method 'setLoanProcessor()' is not declared "final" OPT.MAF-5
15:  interface type 'LoanProvider' is used MOBILE.AUI-3
15:  Formal parameter 'loanProcessor' is not declared as final CODSTA.BP.FPF-3
15:  The parameter 'loanProcessor' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
15:  Parameter 'loanProcessor' has the same name as a field OOP.HMF-3
19:  No JUnit test method defined for 'setLoanProviderName()' JUNIT.TEST-2
19:  Globally unused "public" method: setLoanProviderName() GLOBAL.UPPM-4
19:  Setter method 'setLoanProviderName()' is not declared "final" OPT.MAF-5
19:  Formal parameter 'loanProviderName' is not declared as final CODSTA.BP.FPF-3
19:  The parameter 'loanProviderName' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
19:  Parameter 'loanProviderName' has the same name as a field OOP.HMF-3
 +  24:  Method "requestLoan" is calling itself BD.PB.RECFUN-5
24:  No JUnit test method defined for 'requestLoan()' JUNIT.TEST-2
24:  The method 'requestLoan' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Missing Javadoc comment for method 'requestLoan()' JAVADOC.PJDM-3
24:  Formal parameter 'loanRequest' is not declared as final CODSTA.BP.FPF-3
25:  The declaration of the local variable 'loanResponse' is not followed by a comment CODSTA.READ.CLV-5
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/AdminManagerAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  Missing Javadoc comment for 'AdminManagerAware' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  'writeObject()' method is missing CWE.499.SER-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
7:  Missing Javadoc comment for method 'setAdminManager()' JAVADOC.PJDM-3
7:  interface type 'AdminManager' is used MOBILE.AUI-3
11:  Misspelled word 'admin' JAVADOC.SPELL-3
17:  interface type 'AdminManager' is used MOBILE.AUI-3
17:  The '@post'/'@return' tag(s) for the method 'getAdminManager' do not properly describe whether or not the method can return null JAVADOC.CRN-3
17:  "public" method without a '@post' contract: getAdminManager () DBC.PUBMPOST-3
17:  "public" method without a '@pre' contract: getAdminManager DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/BankManagerAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Public clone method missing CERT.OBJ05.MUCOP-1
5:  Static creation method missing CERT.OBJ05.MUCOP-1
5:  Copy constructor missing CERT.OBJ05.MUCOP-1
5:  Public clone method missing CERT.OBJ06.MUCOP-2
5:  Static creation method missing CERT.OBJ06.MUCOP-2
5:  Copy constructor missing CERT.OBJ06.MUCOP-2
5:  'clone()' method is missing CERT.OBJ07.MCNC-2
5:  Public clone method missing CERT.OBJ04.MUCOP-3
5:  Static creation method missing CERT.OBJ04.MUCOP-3
5:  Copy constructor missing CERT.OBJ04.MUCOP-3
5:  Missing Javadoc comment for 'BankManagerAware' JAVADOC.PJDC-3
5:  Public clone method missing OOP.MUCOP-3
5:  Static creation method missing OOP.MUCOP-3
5:  Copy constructor missing OOP.MUCOP-3
5:  The interface 'BankManagerAware' is never implemented GLOBAL.NIE-4
5:  Globally unused "public" interface: com.parasoft.parabank.service.BankManagerAware GLOBAL.UPPC-4
5:  'writeObject()' method is missing CWE.499.SER-5
5:  'clone()' method is missing SECURITY.WSC.MCNC-5
5:  'writeObject()' method is missing SECURITY.WSC.SER-5
7:  Missing Javadoc comment for method 'setBankManager()' JAVADOC.PJDM-3
7:  interface type 'BankManager' is used MOBILE.AUI-3
17:  interface type 'BankManager' is used MOBILE.AUI-3
17:  The '@post'/'@return' tag(s) for the method 'getBankManager' do not properly describe whether or not the method can return null JAVADOC.CRN-3
17:  "public" method without a '@post' contract: getBankManager () DBC.PUBMPOST-3
17:  "public" method without a '@pre' contract: getBankManager DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/CustomerConstants.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Interface 'CustomerConstants' contains only fields CODSTA.POD.ACIAP-3
3:  Missing Javadoc comment for 'CustomerConstants' JAVADOC.PJDC-3
3:  Constant declared in an "interface": 'CustomerConstants' CODSTA.POD.ISACF-4
3:  Interface 'com.parasoft.parabank.service.CustomerConstants' should be declared "package-private" GLOBAL.DPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  'CustomerConstants' contains too many fields: 27 METRICS.NOFT-4
3:  CustomerConstants contains too many "public" fields: 27 METRICS.NPUBF-2
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
5:  Missing Javadoc comment for 'ACCOUNT_ID' JAVADOC.PJDF-3
5:  Non internationalized string: "accountId" INTER.ITT-3
7:  Missing Javadoc comment for 'BILL_PAY_ACCOUNT_ID_DESC' JAVADOC.PJDF-3
7:  Non internationalized string: "Bill payment source account" INTER.ITT-3
9:  Missing Javadoc comment for 'CITY' JAVADOC.PJDF-3
9:  Non internationalized string: "city" INTER.ITT-3
11:  Missing Javadoc comment for 'CITY_DESC' JAVADOC.PJDF-3
11:  Non internationalized string: "City" INTER.ITT-3
13:  Missing Javadoc comment for 'CUSTOMER_ACCOUNT_DEP_DESC' JAVADOC.PJDF-3
13:  Non internationalized string: "Customer funds target account" INTER.ITT-3
15:  Missing Javadoc comment for 'CUSTOMER_ACCOUNT_DESC' JAVADOC.PJDF-3
15:  Non internationalized string: "Customer funds source account" INTER.ITT-3
17:  Missing Javadoc comment for 'CUSTOMER_ACCOUNT_FETCH_DESC' JAVADOC.PJDF-3
17:  Non internationalized string: "Account id" INTER.ITT-3
19:  Missing Javadoc comment for 'CUSTOMER_FIRST_NAME_DESC' JAVADOC.PJDF-3
19:  Non internationalized string: "Customer's given (first) name" INTER.ITT-3
21:  Missing Javadoc comment for 'CUSTOMER_ID' JAVADOC.PJDF-3
21:  Non internationalized string: "customerId" INTER.ITT-3
23:  Missing Javadoc comment for 'CUSTOMER_ID_DESC' JAVADOC.PJDF-3
23:  Non internationalized string: "Customer's id" INTER.ITT-3
25:  Missing Javadoc comment for 'CUSTOMER_LAST_NAME_DESC' JAVADOC.PJDF-3
25:  Non internationalized string: "Customer's surname (last name)" INTER.ITT-3
27:  Missing Javadoc comment for 'CUSTOMERS_PASSWORD_DESC' JAVADOC.PJDF-3
27:  Non internationalized string: "Customer's password" INTER.ITT-3
29:  Missing Javadoc comment for 'CUSTOMERS_USER_NAME_DESC' JAVADOC.PJDF-3
29:  Non internationalized string: "Customer's user name" INTER.ITT-3
31:  Missing Javadoc comment for 'FIRST_NAME' JAVADOC.PJDF-3
31:  Non internationalized string: "firstName" INTER.ITT-3
33:  Missing Javadoc comment for 'LAST_NAME' JAVADOC.PJDF-3
33:  Non internationalized string: "lastName" INTER.ITT-3
35:  Missing Javadoc comment for 'PASSWORD' JAVADOC.PJDF-3
35:  Non internationalized string: "password" INTER.ITT-3
37:  Missing Javadoc comment for 'PHONE_NUMBER' JAVADOC.PJDF-3
37:  Non internationalized string: "phoneNumber" INTER.ITT-3
39:  Missing Javadoc comment for 'PHONE_NUMBER_DESC' JAVADOC.PJDF-3
39:  Non internationalized string: "Contact Phone Number" INTER.ITT-3
41:  Missing Javadoc comment for 'SSN' JAVADOC.PJDF-3
41:  Non internationalized string: "ssn" INTER.ITT-3
41:  Misspelled word 'ssn' JAVADOC.SPELL-3
43:  Missing Javadoc comment for 'SSN_DESC' JAVADOC.PJDF-3
43:  Non internationalized string: "Social Security Number" INTER.ITT-3
45:  Missing Javadoc comment for 'STATE' JAVADOC.PJDF-3
45:  Non internationalized string: "state" INTER.ITT-3
47:  Missing Javadoc comment for 'STATE_DESC' JAVADOC.PJDF-3
47:  Non internationalized string: "US state or Region name" INTER.ITT-3
49:  Missing Javadoc comment for 'STREET' JAVADOC.PJDF-3
49:  Non internationalized string: "street" INTER.ITT-3
51:  Line is longer than 80 characters: 98 APSC_DV.003215.LL-3
51:  Line is longer than 80 characters: 98 FORMAT.LL-3
51:  Missing Javadoc comment for 'STREET_ADDRESS_DESC' JAVADOC.PJDF-3
51:  Non internationalized string: "Street Address including bilding number and apartment (if any)" INTER.ITT-3
51:  Misspelled word 'bilding' JAVADOC.SPELL-3
53:  Missing Javadoc comment for 'USERNAME' JAVADOC.PJDF-3
53:  Non internationalized string: "username" INTER.ITT-3
55:  Missing Javadoc comment for 'ZIP_CODE' JAVADOC.PJDF-3
55:  Non internationalized string: "zipCode" INTER.ITT-3
57:  Missing Javadoc comment for 'ZIP_CODE_DESC' JAVADOC.PJDF-3
57:  Non internationalized string: "ZIP code or province id" INTER.ITT-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/LoanProcessorServiceImpl.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import com.parasoft.parabank.domain.logic.LoanProvider" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
5:  "import com.parasoft.parabank.domain.logic.LoanProvider" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Line is longer than 80 characters: 114 APSC_DV.003215.LL-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Line is longer than 80 characters: 114 FORMAT.LL-3
7:  Public clone method missing CERT.OBJ05.MUCOP-1
7:  Static creation method missing CERT.OBJ05.MUCOP-1
7:  Copy constructor missing CERT.OBJ05.MUCOP-1
7:  Public clone method missing CERT.OBJ06.MUCOP-2
7:  Static creation method missing CERT.OBJ06.MUCOP-2
7:  Copy constructor missing CERT.OBJ06.MUCOP-2
7:  'clone()' method is missing CERT.OBJ07.MCNC-2
7:  Public clone method missing CERT.OBJ04.MUCOP-3
7:  Static creation method missing CERT.OBJ04.MUCOP-3
7:  Copy constructor missing CERT.OBJ04.MUCOP-3
7:  getter method without an @invariant contract: getLoanProcessor() DBC.IGM-3
7:  getter method without an @invariant contract: getLoanProviderName() DBC.IGM-3
7:  Missing Javadoc comment for 'LoanProcessorServiceImpl' JAVADOC.PJDC-3
7:  Public clone method missing OOP.MUCOP-3
7:  Static creation method missing OOP.MUCOP-3
7:  Copy constructor missing OOP.MUCOP-3
7:  Globally unused "public" class: com.parasoft.parabank.service.LoanProcessorServiceImpl GLOBAL.UPPC-4
7:  'writeObject()' method is missing CWE.499.SER-5
7:  'clone()' method is missing SECURITY.WSC.MCNC-5
7:  'writeObject()' method is missing SECURITY.WSC.SER-5
7:  "class" missing a no argument constructor: LoanProcessorServiceImpl CODSTA.POD.DCTOR-5
7:  'readObject()' method is missing SECURITY.WSC.DSER-5
7:  interface type 'LoanProcessorService' is used MOBILE.AUI-3
7:  interface type 'LoanProcessorAware' is used MOBILE.AUI-3
7:  interface type 'LoanProviderNameAware' is used MOBILE.AUI-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
8:  interface type 'LoanProvider' is used MOBILE.AUI-3
8:  Field 'loanProcessor' is not initialized in its declaration INIT.CSI-4
10:  Field 'loanProviderName' is not initialized in its declaration INIT.CSI-4
14:  interface type 'LoanProvider' is used MOBILE.AUI-3
14:  No JUnit test method defined for 'getLoanProcessor()' JUNIT.TEST-2
14:  The method 'getLoanProcessor' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
14:  Missing Javadoc tag '@since' for method 'getLoanProcessor()' JAVADOC.ECTM-3
14:  Method 'getLoanProcessor()' should be declared "final" GLOBAL.SPPM-5
14:  "public" method without a '@post' contract: getLoanProcessor () DBC.PUBMPOST-3
14:  "public" method without a '@pre' contract: getLoanProcessor DBC.PUBMPRE-3
14:  Getter method 'getLoanProcessor()' is not declared "final" OPT.MAF-5
20:  "public" method without a '@post' contract: getLoanProviderName () DBC.PUBMPOST-3
20:  "public" method without a '@pre' contract: getLoanProviderName DBC.PUBMPRE-3
20:  Getter method 'getLoanProviderName()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'getLoanProviderName()' JUNIT.TEST-2
20:  The method 'getLoanProviderName' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
20:  Missing Javadoc tag '@since' for method 'getLoanProviderName()' JAVADOC.ECTM-3
20:  Method 'getLoanProviderName()' should be declared "final" GLOBAL.SPPM-5
26:  Line is longer than 80 characters: 100 APSC_DV.003215.LL-3
26:  Line is longer than 80 characters: 100 FORMAT.LL-3
26:  No JUnit test method defined for 'requestLoan()' JUNIT.TEST-2
26:  The method 'requestLoan' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
26:  Missing Javadoc tag '@since' for method 'requestLoan()' JAVADOC.ECTM-3
26:  Globally unused "public" method: requestLoan() GLOBAL.UPPM-4
26:  "public" method without a '@post' contract: requestLoan () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: requestLoan DBC.PUBMPRE-3
26:  Exception 'ParaBankServiceException' is not thrown in the body of method 'requestLoan' GLOBAL.AUT-2
27:  Line is longer than 80 characters: 82 APSC_DV.003215.LL-3
27:  Line is longer than 80 characters: 82 FORMAT.LL-3
27:  The declaration of the local variable 'response' is not followed by a comment CODSTA.READ.CLV-5
27:  Access the field 'loanProcessor' directly instead of using the method 'getLoanProcessor' CODSTA.READ.AFD-3
27:  The return value of 'getLoanProcessor()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
27:  getter method 'getLoanProcessor' is used MOBILE.AMA-3
28:  Access the field 'loanProviderName' directly instead of using the method 'getLoanProviderName' CODSTA.READ.AFD-3
28:  getter method 'getLoanProviderName' is used MOBILE.AMA-3
34:  No JUnit test method defined for 'setLoanProcessor()' JUNIT.TEST-2
34:  Missing Javadoc tag '@since' for method 'setLoanProcessor()' JAVADOC.ECTM-3
34:  "public" method without a '@post' contract: setLoanProcessor () DBC.PUBMPOST-3
34:  "public" method without a '@pre' contract: setLoanProcessor DBC.PUBMPRE-3
34:  Setter method 'setLoanProcessor()' is not declared "final" OPT.MAF-5
34:  interface type 'LoanProvider' is used MOBILE.AUI-3
34:  The parameter 'loanProcessor' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
34:  Parameter 'loanProcessor' has the same name as a field OOP.HMF-3
40:  No JUnit test method defined for 'setLoanProviderName()' JUNIT.TEST-2
40:  Missing Javadoc tag '@since' for method 'setLoanProviderName()' JAVADOC.ECTM-3
40:  "public" method without a '@post' contract: setLoanProviderName () DBC.PUBMPOST-3
40:  "public" method without a '@pre' contract: setLoanProviderName DBC.PUBMPRE-3
40:  Setter method 'setLoanProviderName()' is not declared "final" OPT.MAF-5
40:  The parameter 'loanProviderName' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
40:  Parameter 'loanProviderName' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/ParaBankServiceConstants.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Interface 'ParaBankServiceConstants' contains only fields CODSTA.POD.ACIAP-3
3:  Missing Javadoc comment for 'ParaBankServiceConstants' JAVADOC.PJDC-3
3:  Constant declared in an "interface": 'ParaBankServiceConstants' CODSTA.POD.ISACF-4
3:  Globally unused "public" interface: com.parasoft.parabank.service.ParaBankServiceConstants GLOBAL.UPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  'ParaBankServiceConstants' contains too many fields: 25 METRICS.NOFT-4
3:  ParaBankServiceConstants contains too many "public" fields: 25 METRICS.NPUBF-2
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
3:  interface type 'CustomerConstants' is used MOBILE.AUI-3
5:  Missing Javadoc comment for 'ACCOUNT_TYPE_DESC' JAVADOC.PJDF-3
5:  Non internationalized string: "Account type (CHECKING, SAVINGS, LOAN)" INTER.ITT-3
7:  Missing Javadoc comment for 'ACCOUNTS' JAVADOC.PJDF-3
7:  Non internationalized string: "Accounts" INTER.ITT-3
9:  Missing Javadoc comment for 'AMOUNT_DESC' JAVADOC.PJDF-3
9:  Non internationalized string: "Amount" INTER.ITT-3
11:  Missing Javadoc comment for 'CUSTOMERS' JAVADOC.PJDF-3
11:  Non internationalized string: "Customers" INTER.ITT-3
13:  Missing Javadoc comment for 'DATABASE' JAVADOC.PJDF-3
13:  Non internationalized string: "Database" INTER.ITT-3
15:  Missing Javadoc comment for 'DATE_DESC' JAVADOC.PJDF-3
15:  Non internationalized string: "Search specific date" INTER.ITT-3
17:  Missing Javadoc comment for 'DOWNPAYMENT_DESC' JAVADOC.PJDF-3
17:  Non internationalized string: "Downpayment for the loan" INTER.ITT-3
17:  Misspelled word 'Downpayment' JAVADOC.SPELL-3
19:  Missing Javadoc comment for 'END_DATE_DESC' JAVADOC.PJDF-3
19:  Non internationalized string: "Search ending date" INTER.ITT-3
21:  Missing Javadoc comment for 'INSTRUMENT_NAME' JAVADOC.PJDF-3
21:  Non internationalized string: "Instrument's Name" INTER.ITT-3
23:  Missing Javadoc comment for 'INSTRUMENT_SYMBOL' JAVADOC.PJDF-3
23:  Non internationalized string: "Instrument's exchange symbol" INTER.ITT-3
25:  Missing Javadoc comment for 'JMS' JAVADOC.PJDF-3
25:  Non internationalized string: "JMS" INTER.ITT-3
27:  Missing Javadoc comment for 'LOANS' JAVADOC.PJDF-3
27:  Non internationalized string: "Loans" INTER.ITT-3
29:  Missing Javadoc comment for 'MISC' JAVADOC.PJDF-3
29:  Non internationalized string: "Misc" INTER.ITT-3
29:  Misspelled word 'Misc' JAVADOC.SPELL-3
31:  Missing Javadoc comment for 'MONTH_DESC' JAVADOC.PJDF-3
31:  Non internationalized string: "Month to use for the search range" INTER.ITT-3
33:  Missing Javadoc comment for 'NUMBER_OF_SHARES_DESC' JAVADOC.PJDF-3
33:  Non internationalized string: "number of shares" INTER.ITT-3
35:  Missing Javadoc comment for 'PARAMETER_NAME' JAVADOC.PJDF-3
35:  Non internationalized string: "Parameter Name" INTER.ITT-3
37:  Missing Javadoc comment for 'PARAMETER_VALUE' JAVADOC.PJDF-3
37:  Non internationalized string: "Parameter Value" INTER.ITT-3
39:  Missing Javadoc comment for 'POSITION_ID_DESC' JAVADOC.PJDF-3
39:  Non internationalized string: "Unique identifier for the position" INTER.ITT-3
41:  Missing Javadoc comment for 'POSITIONS' JAVADOC.PJDF-3
41:  Non internationalized string: "Positions" INTER.ITT-3
43:  Missing Javadoc comment for 'PRICE_PER_SHARE_DESC' JAVADOC.PJDF-3
43:  Non internationalized string: "Price of each share" INTER.ITT-3
45:  Missing Javadoc comment for 'START_DATE_DESC' JAVADOC.PJDF-3
45:  Non internationalized string: "Search starting date" INTER.ITT-3
47:  Missing Javadoc comment for 'TNS' JAVADOC.PJDF-3
47:  Non internationalized string: "http://service.parabank.parasoft.com/" INTER.ITT-3
49:  Missing Javadoc comment for 'TRANSACTION_ID_DESC' JAVADOC.PJDF-3
49:  Non internationalized string: "Unique identifier for the transaction" INTER.ITT-3
51:  Missing Javadoc comment for 'TRANSACTION_TYPE_DESC' JAVADOC.PJDF-3
51:  Non internationalized string: "Transaction type (CREDIT, DEBIT)" INTER.ITT-3
53:  Missing Javadoc comment for 'TRANSACTIONS' JAVADOC.PJDF-3
53:  Non internationalized string: "Transactions" INTER.ITT-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/ParaBankServiceException.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  Missing Javadoc tag '@since' for class 'ParaBankServiceException' JAVADOC.ECTT-3
6:  ParaBankServiceException implements Serializable instead of Externalizable SERIAL.EZEE-3
6:  Class 'com.parasoft.parabank.service.ParaBankServiceException' should be declared "package-private" GLOBAL.DPPC-4
6:  Missing '@author' Javadoc tag: ParaBankServiceException JAVADOC.MAJDT-4
6:  The immutable class not declared 'final' SECURITY.WSC.FIMU-4
6:  Class 'com.parasoft.parabank.service.ParaBankServiceException' should be declared "final" GLOBAL.SPPC-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  "public" class without an '@invariant' contract: ParaBankServiceException DBC.PUBC-3
6:  Missing '@version' Javadoc tag: ParaBankServiceException JAVADOC.MVJDT-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
23:  No JUnit test method defined for 'ParaBankServiceException()' JUNIT.TEST-2
23:  'public' constructor declared CODSTA.BP.CMUTA-3
23:  Missing Javadoc tag '@since' for method 'ParaBankServiceException()' JAVADOC.ECTM-3
23:  Flag not present SECURITY.WSC.INIVF-4
23:  "public" method without a '@post' contract: ParaBankServiceException () DBC.PUBMPOST-3
23:  "public" method without a '@pre' contract: ParaBankServiceException DBC.PUBMPRE-3
35:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
37:  No JUnit test method defined for 'ParaBankServiceException()' JUNIT.TEST-2
37:  'public' constructor declared CODSTA.BP.CMUTA-3
37:  Missing Javadoc tag '@since' for method 'ParaBankServiceException()' JAVADOC.ECTM-3
37:  Flag not present SECURITY.WSC.INIVF-4
37:  "public" method without a '@post' contract: ParaBankServiceException () DBC.PUBMPOST-3
37:  "public" method without a '@pre' contract: ParaBankServiceException DBC.PUBMPRE-3
49:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
50:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
52:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
52:  Line is longer than 80 characters: 84 FORMAT.LL-3
52:  No JUnit test method defined for 'ParaBankServiceException()' JUNIT.TEST-2
52:  'public' constructor declared CODSTA.BP.CMUTA-3
52:  Missing Javadoc tag '@since' for method 'ParaBankServiceException()' JAVADOC.ECTM-3
52:  Flag not present SECURITY.WSC.INIVF-4
52:  "public" method without a '@post' contract: ParaBankServiceException () DBC.PUBMPOST-3
52:  "public" method without a '@pre' contract: ParaBankServiceException DBC.PUBMPRE-3
64:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
65:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
66:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
67:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
69:  Line is longer than 80 characters: 116 APSC_DV.003215.LL-3
69:  Line is longer than 80 characters: 116 FORMAT.LL-3
69:  No JUnit test method defined for 'ParaBankServiceException()' JUNIT.TEST-2
69:  'public' constructor declared CODSTA.BP.CMUTA-3
69:  Missing Javadoc tag '@since' for method 'ParaBankServiceException()' JAVADOC.ECTM-3
69:  The constructor 'ParaBankServiceException' is more accessible than the constructor in its superclass SECURITY.WSC.AMA-3
69:  Flag not present SECURITY.WSC.INIVF-4
69:  "public" method without a '@post' contract: ParaBankServiceException () DBC.PUBMPOST-3
69:  "public" method without a '@pre' contract: ParaBankServiceException DBC.PUBMPRE-3
69:  Variable 'aEnableSuppression' does not end with 'boolean' NAMING.UHN-4
70:  Indentation should be 8 (or 16) spaces APSC_DV.003215.IND-3
70:  Indentation should be 8 (or 16) spaces FORMAT.IND-3
70:  Variable 'aWritableStackTrace' does not end with 'boolean' NAMING.UHN-4
82:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
84:  No JUnit test method defined for 'ParaBankServiceException()' JUNIT.TEST-2
84:  'public' constructor declared CODSTA.BP.CMUTA-3
84:  Missing Javadoc tag '@since' for method 'ParaBankServiceException()' JAVADOC.ECTM-3
84:  Flag not present SECURITY.WSC.INIVF-4
84:  "public" method without a '@post' contract: ParaBankServiceException () DBC.PUBMPOST-3
84:  "public" method without a '@pre' contract: ParaBankServiceException DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/util/Constants.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  'clone()' method is missing CERT.OBJ07.MCNC-2
3:  Interface 'Constants' contains only fields CODSTA.POD.ACIAP-3
3:  Missing Javadoc comment for 'Constants' JAVADOC.PJDC-3
3:  Constant declared in an "interface": 'Constants' CODSTA.POD.ISACF-4
3:  Globally unused "public" interface: com.parasoft.parabank.util.Constants GLOBAL.UPPC-4
3:  'writeObject()' method is missing CWE.499.SER-5
3:  'clone()' method is missing SECURITY.WSC.MCNC-5
3:  'writeObject()' method is missing SECURITY.WSC.SER-5
3:  'Constants' contains too many fields: 41 METRICS.NOFT-4
3:  Constants contains too many "public" fields: 41 METRICS.NPUBF-2
3:  Number of Javadoc comments are below thresholds (%): 0.0 METRICS.PJDC-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
4:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
4:  Missing Javadoc comment for 'ABOUT' JAVADOC.PJDF-3
4:  Non internationalized string: "about" INTER.ITT-3
6:  Missing Javadoc comment for 'ACTIVITY' JAVADOC.PJDF-3
6:  Non internationalized string: "activity" INTER.ITT-3
8:  Missing Javadoc comment for 'ADMIN' JAVADOC.PJDF-3
8:  Non internationalized string: "admin" INTER.ITT-3
8:  Misspelled word 'admin' JAVADOC.SPELL-3
10:  Missing Javadoc comment for 'ADMINFORM' JAVADOC.PJDF-3
10:  Non internationalized string: "adminForm" INTER.ITT-3
10:  Misspelled word 'admin' JAVADOC.SPELL-3
12:  Missing Javadoc comment for 'BILLPAY' JAVADOC.PJDF-3
12:  Non internationalized string: "billpay" INTER.ITT-3
12:  Misspelled word 'billpay' JAVADOC.SPELL-3
14:  Missing Javadoc comment for 'BILLPAYFORM' JAVADOC.PJDF-3
14:  Non internationalized string: "billPayForm" INTER.ITT-3
16:  Missing Javadoc comment for 'CLASS_ADMINFORM' JAVADOC.PJDF-3
16:  Non internationalized string: "com.parasoft.parabank.web.form.AdminForm" INTER.ITT-3
18:  Missing Javadoc comment for 'CLASS_CONTACTFORM' JAVADOC.PJDF-3
18:  Non internationalized string: "com.parasoft.parabank.web.form.ContactForm" INTER.ITT-3
20:  Missing Javadoc comment for 'CLASS_CUSTOMERFORM' JAVADOC.PJDF-3
20:  Non internationalized string: "com.parasoft.parabank.web.form.CustomerForm" INTER.ITT-3
22:  Line is longer than 80 characters: 92 APSC_DV.003215.LL-3
22:  Line is longer than 80 characters: 92 FORMAT.LL-3
22:  Missing Javadoc comment for 'CLASS_FINDTRANSACTIONFORM' JAVADOC.PJDF-3
22:  Non internationalized string: "com.parasoft.parabank.web.form.FindTransactionForm" INTER.ITT-3
24:  Missing Javadoc comment for 'CLASS_LOOKUPFORM' JAVADOC.PJDF-3
24:  Non internationalized string: "com.parasoft.parabank.web.form.LookupForm" INTER.ITT-3
26:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
26:  Line is longer than 80 characters: 84 FORMAT.LL-3
26:  Missing Javadoc comment for 'CLASS_OPENACCOUNTFORM' JAVADOC.PJDF-3
26:  Non internationalized string: "com.parasoft.parabank.web.form.OpenAccountForm" INTER.ITT-3
28:  Line is longer than 80 characters: 84 APSC_DV.003215.LL-3
28:  Line is longer than 80 characters: 84 FORMAT.LL-3
28:  Missing Javadoc comment for 'CLASS_REQUESTLOANFORM' JAVADOC.PJDF-3
28:  Non internationalized string: "com.parasoft.parabank.web.form.RequestLoanForm" INTER.ITT-3
30:  Line is longer than 80 characters: 90 APSC_DV.003215.LL-3
30:  Line is longer than 80 characters: 90 FORMAT.LL-3
30:  Missing Javadoc comment for 'CLASS_TRANSACTIONCRITERIA' JAVADOC.PJDF-3
30:  Non internationalized string: "com.parasoft.parabank.domain.TransactionCriteria" INTER.ITT-3
32:  Missing Javadoc comment for 'CLASS_TRANSFERFORM' JAVADOC.PJDF-3
32:  Non internationalized string: "com.parasoft.parabank.web.form.TransferForm" INTER.ITT-3
34:  Missing Javadoc comment for 'CONTACT' JAVADOC.PJDF-3
34:  Non internationalized string: "contact" INTER.ITT-3
36:  Missing Javadoc comment for 'CONTACTFORM' JAVADOC.PJDF-3
36:  Non internationalized string: "contactForm" INTER.ITT-3
38:  Missing Javadoc comment for 'CUSTOMERFORM' JAVADOC.PJDF-3
38:  Non internationalized string: "customerForm" INTER.ITT-3
40:  Missing Javadoc comment for 'CUSTOMERFORMUPDATE' JAVADOC.PJDF-3
40:  Non internationalized string: "customerFormUpdate" INTER.ITT-3
42:  Missing Javadoc comment for 'FINDTRANS' JAVADOC.PJDF-3
42:  Non internationalized string: "findtrans" INTER.ITT-3
42:  Misspelled word 'findtrans' JAVADOC.SPELL-3
44:  Missing Javadoc comment for 'FINDTRANSACTIONFORM' JAVADOC.PJDF-3
44:  Non internationalized string: "findTransactionForm" INTER.ITT-3
46:  Missing Javadoc comment for 'INDEX' JAVADOC.PJDF-3
46:  Non internationalized string: "index" INTER.ITT-3
48:  Missing Javadoc comment for 'LOGINFORM' JAVADOC.PJDF-3
48:  Non internationalized string: "loginform" INTER.ITT-3
48:  Misspelled word 'loginform' JAVADOC.SPELL-3
50:  Missing Javadoc comment for 'LOOKUP' JAVADOC.PJDF-3
50:  Non internationalized string: "lookup" INTER.ITT-3
52:  Missing Javadoc comment for 'LOOKUPFORM' JAVADOC.PJDF-3
52:  Non internationalized string: "lookupForm" INTER.ITT-3
54:  Missing Javadoc comment for 'NEWS' JAVADOC.PJDF-3
54:  Non internationalized string: "news" INTER.ITT-3
56:  Missing Javadoc comment for 'OPENACCOUNT' JAVADOC.PJDF-3
56:  Non internationalized string: "openaccount" INTER.ITT-3
56:  Misspelled word 'openaccount' JAVADOC.SPELL-3
58:  Missing Javadoc comment for 'OPENACCOUNTFORM' JAVADOC.PJDF-3
58:  Non internationalized string: "openAccountForm" INTER.ITT-3
60:  Missing Javadoc comment for 'REGISTER' JAVADOC.PJDF-3
60:  Non internationalized string: "register" INTER.ITT-3
62:  Missing Javadoc comment for 'REQUESTLOAN' JAVADOC.PJDF-3
62:  Non internationalized string: "requestloan" INTER.ITT-3
62:  Misspelled word 'requestloan' JAVADOC.SPELL-3
64:  Missing Javadoc comment for 'REQUESTLOANFORM' JAVADOC.PJDF-3
64:  Non internationalized string: "requestLoanForm" INTER.ITT-3
66:  Missing Javadoc comment for 'SERVICES' JAVADOC.PJDF-3
66:  Non internationalized string: "services" INTER.ITT-3
68:  Missing Javadoc comment for 'SITEMAP' JAVADOC.PJDF-3
68:  Non internationalized string: "sitemap" INTER.ITT-3
68:  Misspelled word 'sitemap' JAVADOC.SPELL-3
70:  Missing Javadoc comment for 'TRANSACTION' JAVADOC.PJDF-3
70:  Non internationalized string: "transaction" INTER.ITT-3
72:  Missing Javadoc comment for 'TRANSACTIONCRITERIA' JAVADOC.PJDF-3
72:  Non internationalized string: "transactionCriteria" INTER.ITT-3
74:  Missing Javadoc comment for 'TRANSFER' JAVADOC.PJDF-3
74:  Non internationalized string: "transfer" INTER.ITT-3
76:  Missing Javadoc comment for 'TRANSFERFORM' JAVADOC.PJDF-3
76:  Non internationalized string: "transferForm" INTER.ITT-3
78:  Missing Javadoc comment for 'UPDATEPROFILE' JAVADOC.PJDF-3
78:  Non internationalized string: "updateprofile" INTER.ITT-3
78:  Misspelled word 'updateprofile' JAVADOC.SPELL-3
80:  Missing Javadoc comment for 'USERSESSION' JAVADOC.PJDF-3
80:  Non internationalized string: "userSession" INTER.ITT-3
82:  Missing Javadoc comment for 'DB_PATH_FMT' JAVADOC.PJDF-3
82:  Non internationalized string: "%1$s/WEB-INF/db/%2$s" INTER.ITT-3
84:  Missing Javadoc comment for 'RAML_PATH_FMT' JAVADOC.PJDF-3
84:  Non internationalized string: "%1$s/raml/%2$s" INTER.ITT-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/UserSession.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getCustomer() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'UserSession' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.UserSession GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: UserSession JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: UserSession CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: UserSession DBC.PUBC-3
8:  Missing '@version' Javadoc tag: UserSession JAVADOC.MVJDT-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
11:  No JUnit test method defined for 'UserSession()' JUNIT.TEST-2
11:  Missing Javadoc comment for method 'UserSession()' JAVADOC.PJDM-3
11:  Globally unused "public" constructor UserSession() GLOBAL.UPPM-4
11:  Formal parameter 'customer' is not declared as final CODSTA.BP.FPF-3
11:  The parameter 'customer' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
11:  Parameter 'customer' has the same name as a field OOP.HMF-3
15:  No JUnit test method defined for 'getCustomer()' JUNIT.TEST-2
15:  The method 'getCustomer' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
15:  Missing Javadoc comment for method 'getCustomer()' JAVADOC.PJDM-3
15:  Globally unused "public" method: getCustomer() GLOBAL.UPPM-4
15:  Getter method 'getCustomer()' is not declared "final" OPT.MAF-5
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/AdminForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
4:  "import java.util.HashMap" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
4:  "import java.util.HashMap" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
7:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.logic.AdminParameters CODSTA.ORG.ORIMP-5
9:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
9:  Use 2 blank lines before type declaration FORMAT.BLCD-3
9:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  Misspelled word 'admin' JAVADOC.SPELL-3
12:  Public clone method missing CERT.OBJ05.MUCOP-1
12:  Static creation method missing CERT.OBJ05.MUCOP-1
12:  Copy constructor missing CERT.OBJ05.MUCOP-1
12:  Public clone method missing CERT.OBJ06.MUCOP-2
12:  Static creation method missing CERT.OBJ06.MUCOP-2
12:  Copy constructor missing CERT.OBJ06.MUCOP-2
12:  'clone()' method is missing CERT.OBJ07.MCNC-2
12:  Public clone method missing CERT.OBJ04.MUCOP-3
12:  Static creation method missing CERT.OBJ04.MUCOP-3
12:  Copy constructor missing CERT.OBJ04.MUCOP-3
12:  getter method without an @invariant contract: getAccessMode() DBC.IGM-3
12:  getter method without an @invariant contract: getEndpoint() DBC.IGM-3
12:  getter method without an @invariant contract: getInitialBalance() DBC.IGM-3
12:  getter method without an @invariant contract: getLoanProcessor() DBC.IGM-3
12:  getter method without an @invariant contract: getLoanProcessorThreshold() DBC.IGM-3
12:  getter method without an @invariant contract: getLoanProvider() DBC.IGM-3
12:  getter method without an @invariant contract: getMinimumBalance() DBC.IGM-3
12:  getter method without an @invariant contract: getRestEndpoint() DBC.IGM-3
12:  getter method without an @invariant contract: getSoapEndpoint() DBC.IGM-3
12:  Missing Javadoc tag '@since' for class 'AdminForm' JAVADOC.ECTT-3
12:  Public clone method missing OOP.MUCOP-3
12:  Static creation method missing OOP.MUCOP-3
12:  Copy constructor missing OOP.MUCOP-3
12:  Globally unused "public" class: com.parasoft.parabank.web.form.AdminForm GLOBAL.UPPC-4
12:  Missing '@author' Javadoc tag: AdminForm JAVADOC.MAJDT-4
12:  'writeObject()' method is missing CWE.499.SER-5
12:  'clone()' method is missing SECURITY.WSC.MCNC-5
12:  'writeObject()' method is missing SECURITY.WSC.SER-5
12:  "class" missing a no argument constructor: AdminForm CODSTA.POD.DCTOR-5
12:  "public" class without an '@invariant' contract: AdminForm DBC.PUBC-3
12:  Missing '@version' Javadoc tag: AdminForm JAVADOC.MVJDT-3
12:  AdminForm contains too many "public" methods: 20 METRICS.NPUBM-2
12:  Number of Javadoc comments are below thresholds (%): 4.0 METRICS.PJDC-3
12:  'readObject()' method is missing SECURITY.WSC.DSER-5
14:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
14:  Field 'endpoint' is not initialized in its declaration INIT.CSI-4
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
15:  Field 'soapEndpoint' is not initialized in its declaration INIT.CSI-4
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
16:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
16:  Field 'restEndpoint' is not initialized in its declaration INIT.CSI-4
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
17:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
17:  Field 'initialBalance' is not initialized in its declaration INIT.CSI-4
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
18:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
18:  Field 'minimumBalance' is not initialized in its declaration INIT.CSI-4
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
19:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
19:  Field 'loanProvider' is not initialized in its declaration INIT.CSI-4
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
20:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
20:  Field 'loanProcessor' is not initialized in its declaration INIT.CSI-4
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
21:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
21:  Field 'loanProcessorThreshold' is not initialized in its declaration INIT.CSI-4
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
22:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
22:  Field 'accessMode' is not initialized in its declaration INIT.CSI-4
24:  No JUnit test method defined for 'getAccessMode()' JUNIT.TEST-2
24:  The method 'getAccessMode' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Globally unused "public" method: getAccessMode() GLOBAL.UPPM-4
24:  Getter method 'getAccessMode()' is not declared "final" OPT.MAF-5
28:  Getter method 'getEndpoint()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'getEndpoint()' JUNIT.TEST-2
28:  The method 'getEndpoint' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
28:  Globally unused "public" method: getEndpoint() GLOBAL.UPPM-4
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
34:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
34:  No JUnit test method defined for 'getInitialBalance()' JUNIT.TEST-2
34:  The method 'getInitialBalance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
34:  Globally unused "public" method: getInitialBalance() GLOBAL.UPPM-4
34:  Getter method 'getInitialBalance()' is not declared "final" OPT.MAF-5
38:  Getter method 'getLoanProcessor()' is not declared "final" OPT.MAF-5
38:  No JUnit test method defined for 'getLoanProcessor()' JUNIT.TEST-2
38:  The method 'getLoanProcessor' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
38:  Globally unused "public" method: getLoanProcessor() GLOBAL.UPPM-4
42:  No JUnit test method defined for 'getLoanProcessorThreshold()' JUNIT.TEST-2
42:  The method 'getLoanProcessorThreshold' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
42:  Globally unused "public" method: getLoanProcessorThreshold() GLOBAL.UPPM-4
42:  Getter method 'getLoanProcessorThreshold()' is not declared "final" OPT.MAF-5
46:  Getter method 'getLoanProvider()' is not declared "final" OPT.MAF-5
46:  No JUnit test method defined for 'getLoanProvider()' JUNIT.TEST-2
46:  The method 'getLoanProvider' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
46:  Globally unused "public" method: getLoanProvider() GLOBAL.UPPM-4
50:  No JUnit test method defined for 'getMinimumBalance()' JUNIT.TEST-2
50:  The method 'getMinimumBalance' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
50:  Globally unused "public" method: getMinimumBalance() GLOBAL.UPPM-4
50:  Getter method 'getMinimumBalance()' is not declared "final" OPT.MAF-5
54:  interface type 'Map' is used MOBILE.AUI-3
54:  No JUnit test method defined for 'getParameters()' JUNIT.TEST-2
54:  The method 'getParameters' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
54:  Missing Javadoc comment for method 'getParameters()' JAVADOC.PJDM-3
54:  Globally unused "public" method: getParameters() GLOBAL.UPPM-4
55:  Anonymous class: 'HashMap' CODSTA.READ.AIC-3
55:  Initial container capacity is not specified OPT.DIC-3
55:  Class extends 'HashMap', which implements 'Map' PB.API.ECMC-5
55:  Class extends 'HashMap' PB.API.EHM-3
55:  Non-static initializer is used CODSTA.READ.NSI-3
56:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
56:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
57:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
57:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
57:  Comma not followed by 1 space APSC_DV.003215.SAC-3
57:  Comma not followed by 1 space FORMAT.SAC-3
58:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
58:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
59:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
59:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
60:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
60:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
60:  Called 'toString()' on a numeric object INTER.NTS-4
61:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
61:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
61:  Called 'toString()' on a numeric object INTER.NTS-4
62:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
62:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
63:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
63:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
64:  Line is longer than 80 characters: 93 APSC_DV.003215.LL-3
64:  Line is longer than 80 characters: 93 FORMAT.LL-3
64:  Indentation should be 16 (or 24) spaces APSC_DV.003215.IND-3
64:  Indentation should be 16 (or 24) spaces FORMAT.IND-3
64:  Called 'toString()' on a numeric object INTER.NTS-4
68:  No JUnit test method defined for 'getRestEndpoint()' JUNIT.TEST-2
68:  The method 'getRestEndpoint' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
68:  Globally unused "public" method: getRestEndpoint() GLOBAL.UPPM-4
68:  Getter method 'getRestEndpoint()' is not declared "final" OPT.MAF-5
72:  Getter method 'getSoapEndpoint()' is not declared "final" OPT.MAF-5
72:  No JUnit test method defined for 'getSoapEndpoint()' JUNIT.TEST-2
72:  The method 'getSoapEndpoint' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
72:  Globally unused "public" method: getSoapEndpoint() GLOBAL.UPPM-4
76:  No JUnit test method defined for 'setAccessMode()' JUNIT.TEST-2
76:  Globally unused "public" method: setAccessMode() GLOBAL.UPPM-4
76:  Setter method 'setAccessMode()' is not declared "final" OPT.MAF-5
80:  Setter method 'setEndpoint()' is not declared "final" OPT.MAF-5
80:  No JUnit test method defined for 'setEndpoint()' JUNIT.TEST-2
80:  Globally unused "public" method: setEndpoint() GLOBAL.UPPM-4
80:  The parameter 'endpoint' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
80:  Parameter 'endpoint' has the same name as a field OOP.HMF-3
84:  No JUnit test method defined for 'setInitialBalance()' JUNIT.TEST-2
84:  Globally unused "public" method: setInitialBalance() GLOBAL.UPPM-4
84:  Setter method 'setInitialBalance()' is not declared "final" OPT.MAF-5
84:  The parameter 'initialBalance' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
84:  Parameter 'initialBalance' has the same name as a field OOP.HMF-3
88:  No JUnit test method defined for 'setLoanProcessor()' JUNIT.TEST-2
88:  Globally unused "public" method: setLoanProcessor() GLOBAL.UPPM-4
88:  Setter method 'setLoanProcessor()' is not declared "final" OPT.MAF-5
88:  The parameter 'loanProcessor' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
88:  Parameter 'loanProcessor' has the same name as a field OOP.HMF-3
92:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
92:  Line is longer than 80 characters: 81 FORMAT.LL-3
92:  No JUnit test method defined for 'setLoanProcessorThreshold()' JUNIT.TEST-2
92:  Globally unused "public" method: setLoanProcessorThreshold() GLOBAL.UPPM-4
92:  Setter method 'setLoanProcessorThreshold()' is not declared "final" OPT.MAF-5
92:  The parameter 'loanProcessorThreshold' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
92:  Parameter 'loanProcessorThreshold' has the same name as a field OOP.HMF-3
96:  No JUnit test method defined for 'setLoanProvider()' JUNIT.TEST-2
96:  Globally unused "public" method: setLoanProvider() GLOBAL.UPPM-4
96:  Setter method 'setLoanProvider()' is not declared "final" OPT.MAF-5
96:  The parameter 'loanProvider' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
96:  Parameter 'loanProvider' has the same name as a field OOP.HMF-3
100:  No JUnit test method defined for 'setMinimumBalance()' JUNIT.TEST-2
100:  Globally unused "public" method: setMinimumBalance() GLOBAL.UPPM-4
100:  Setter method 'setMinimumBalance()' is not declared "final" OPT.MAF-5
100:  The parameter 'minimumBalance' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
100:  Parameter 'minimumBalance' has the same name as a field OOP.HMF-3
104:  No JUnit test method defined for 'setParameters()' JUNIT.TEST-2
104:  Missing Javadoc comment for method 'setParameters()' JAVADOC.PJDM-3
104:  Globally unused "public" method: setParameters() GLOBAL.UPPM-4
104:  interface type 'Map' is used MOBILE.AUI-3
109:  Variable 'varString' is not declared at the beginning of the block CODSTA.READ.PDBB-4
109:  The declaration of the local variable 'varString' is not followed by a comment CODSTA.READ.CLV-5
110:  Line is longer than 80 characters: 105 APSC_DV.003215.LL-3
110:  Line is longer than 80 characters: 105 FORMAT.LL-3
110:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
110:  Missing '()' to separate complex expression FORMAT.APAREN-3
110:  The String literal "515.55" is used SECURITY.WSC.SL-3
112:  Line is longer than 80 characters: 105 APSC_DV.003215.LL-3
112:  Line is longer than 80 characters: 105 FORMAT.LL-3
112:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
112:  Missing '()' to separate complex expression FORMAT.APAREN-3
112:  The String literal "100.00" is used SECURITY.WSC.SL-3
115:  There is not 1 space after 'varString' APSC_DV.003215.SAOP-3
115:  There is not 1 space after 'varString' FORMAT.SAOP-3
115:  There is not 1 space after '=' APSC_DV.003215.SAOP-3
115:  There is not 1 space after '=' FORMAT.SAOP-3
116:  Line is longer than 80 characters: 111 APSC_DV.003215.LL-3
116:  Line is longer than 80 characters: 111 FORMAT.LL-3
116:  The primitive type 'int' will require automatic boxing here CODSTA.READ.ABUB-4
116:  The method 'parseInt()' may throw a "NumberFormatException" that is neither caught nor declared to be thrown EXCEPT.NFE-3
116:  Called the 'parseInt()' method of class 'Integer' INTER.PN-4
116:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
116:  Missing '()' to separate complex expression FORMAT.APAREN-3
116:  The String literal "20" is used SECURITY.WSC.SL-3
119:  Setter method 'setRestEndpoint()' is not declared "final" OPT.MAF-5
119:  No JUnit test method defined for 'setRestEndpoint()' JUNIT.TEST-2
119:  Globally unused "public" method: setRestEndpoint() GLOBAL.UPPM-4
123:  No JUnit test method defined for 'setSoapEndpoint()' JUNIT.TEST-2
123:  Globally unused "public" method: setSoapEndpoint() GLOBAL.UPPM-4
123:  Setter method 'setSoapEndpoint()' is not declared "final" OPT.MAF-5
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/BillPayForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.Payee CODSTA.ORG.ORIMP-5
7:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
7:  Use 2 blank lines before type declaration FORMAT.BLCD-3
7:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
10:  Public clone method missing CERT.OBJ05.MUCOP-1
10:  Static creation method missing CERT.OBJ05.MUCOP-1
10:  Copy constructor missing CERT.OBJ05.MUCOP-1
10:  Public clone method missing CERT.OBJ06.MUCOP-2
10:  Static creation method missing CERT.OBJ06.MUCOP-2
10:  Copy constructor missing CERT.OBJ06.MUCOP-2
10:  'clone()' method is missing CERT.OBJ07.MCNC-2
10:  Public clone method missing CERT.OBJ04.MUCOP-3
10:  Static creation method missing CERT.OBJ04.MUCOP-3
10:  Copy constructor missing CERT.OBJ04.MUCOP-3
10:  getter method without an @invariant contract: getPayee() DBC.IGM-3
10:  getter method without an @invariant contract: getVerifyAccount() DBC.IGM-3
10:  getter method without an @invariant contract: getAmount() DBC.IGM-3
10:  getter method without an @invariant contract: getFromAccountId() DBC.IGM-3
10:  Missing Javadoc tag '@since' for class 'BillPayForm' JAVADOC.ECTT-3
10:  Public clone method missing OOP.MUCOP-3
10:  Static creation method missing OOP.MUCOP-3
10:  Copy constructor missing OOP.MUCOP-3
10:  Globally unused "public" class: com.parasoft.parabank.web.form.BillPayForm GLOBAL.UPPC-4
10:  Missing '@author' Javadoc tag: BillPayForm JAVADOC.MAJDT-4
10:  'writeObject()' method is missing CWE.499.SER-5
10:  'clone()' method is missing SECURITY.WSC.MCNC-5
10:  'writeObject()' method is missing SECURITY.WSC.SER-5
10:  "class" missing a no argument constructor: BillPayForm CODSTA.POD.DCTOR-5
10:  "public" class without an '@invariant' contract: BillPayForm DBC.PUBC-3
10:  Missing '@version' Javadoc tag: BillPayForm JAVADOC.MVJDT-3
10:  Number of Javadoc comments are below thresholds (%): 8.0 METRICS.PJDC-3
10:  'readObject()' method is missing SECURITY.WSC.DSER-5
11:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
11:  Field 'payee' is not initialized in its declaration INIT.CSI-4
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Field 'verifyAccount' is not initialized in its declaration INIT.CSI-4
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
13:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
13:  Field 'amount' is not initialized in its declaration INIT.CSI-4
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
14:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
14:  Field 'fromAccountId' is not initialized in its declaration INIT.CSI-4
14:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
16:  No JUnit test method defined for 'getPayee()' JUNIT.TEST-2
16:  The method 'getPayee' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
16:  Globally unused "public" method: getPayee() GLOBAL.UPPM-4
16:  Getter method 'getPayee()' is not declared "final" OPT.MAF-5
20:  Setter method 'setPayee()' is not declared "final" OPT.MAF-5
20:  No JUnit test method defined for 'setPayee()' JUNIT.TEST-2
20:  Globally unused "public" method: setPayee() GLOBAL.UPPM-4
20:  Formal parameter 'payee' is not declared as final CODSTA.BP.FPF-3
20:  The parameter 'payee' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
20:  Parameter 'payee' has the same name as a field OOP.HMF-3
24:  No JUnit test method defined for 'getVerifyAccount()' JUNIT.TEST-2
24:  The method 'getVerifyAccount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
24:  Globally unused "public" method: getVerifyAccount() GLOBAL.UPPM-4
24:  Getter method 'getVerifyAccount()' is not declared "final" OPT.MAF-5
28:  Setter method 'setVerifyAccount()' is not declared "final" OPT.MAF-5
28:  No JUnit test method defined for 'setVerifyAccount()' JUNIT.TEST-2
28:  Globally unused "public" method: setVerifyAccount() GLOBAL.UPPM-4
28:  Formal parameter 'verifyAccount' is not declared as final CODSTA.BP.FPF-3
28:  The parameter 'verifyAccount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
28:  Parameter 'verifyAccount' has the same name as a field OOP.HMF-3
32:  No JUnit test method defined for 'getAmount()' JUNIT.TEST-2
32:  The method 'getAmount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
32:  Globally unused "public" method: getAmount() GLOBAL.UPPM-4
32:  Getter method 'getAmount()' is not declared "final" OPT.MAF-5
36:  Setter method 'setAmount()' is not declared "final" OPT.MAF-5
36:  No JUnit test method defined for 'setAmount()' JUNIT.TEST-2
36:  Globally unused "public" method: setAmount() GLOBAL.UPPM-4
36:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
36:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
36:  Parameter 'amount' has the same name as a field OOP.HMF-3
40:  No JUnit test method defined for 'getFromAccountId()' JUNIT.TEST-2
40:  Globally unused "public" method: getFromAccountId() GLOBAL.UPPM-4
40:  Getter method 'getFromAccountId()' is not declared "final" OPT.MAF-5
44:  Setter method 'setFromAccountId()' is not declared "final" OPT.MAF-5
44:  No JUnit test method defined for 'setFromAccountId()' JUNIT.TEST-2
44:  Globally unused "public" method: setFromAccountId() GLOBAL.UPPM-4
44:  Formal parameter 'fromAccountId' is not declared as final CODSTA.BP.FPF-3
44:  The parameter 'fromAccountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
44:  Parameter 'fromAccountId' has the same name as a field OOP.HMF-3
44:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/ContactForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
6:  Public clone method missing CERT.OBJ05.MUCOP-1
6:  Static creation method missing CERT.OBJ05.MUCOP-1
6:  Copy constructor missing CERT.OBJ05.MUCOP-1
6:  Public clone method missing CERT.OBJ06.MUCOP-2
6:  Static creation method missing CERT.OBJ06.MUCOP-2
6:  Copy constructor missing CERT.OBJ06.MUCOP-2
6:  'clone()' method is missing CERT.OBJ07.MCNC-2
6:  Public clone method missing CERT.OBJ04.MUCOP-3
6:  Static creation method missing CERT.OBJ04.MUCOP-3
6:  Copy constructor missing CERT.OBJ04.MUCOP-3
6:  getter method without an @invariant contract: getName() DBC.IGM-3
6:  getter method without an @invariant contract: getEmail() DBC.IGM-3
6:  getter method without an @invariant contract: getPhone() DBC.IGM-3
6:  getter method without an @invariant contract: getMessage() DBC.IGM-3
6:  Missing Javadoc tag '@since' for class 'ContactForm' JAVADOC.ECTT-3
6:  Public clone method missing OOP.MUCOP-3
6:  Static creation method missing OOP.MUCOP-3
6:  Copy constructor missing OOP.MUCOP-3
6:  Globally unused "public" class: com.parasoft.parabank.web.form.ContactForm GLOBAL.UPPC-4
6:  Missing '@author' Javadoc tag: ContactForm JAVADOC.MAJDT-4
6:  'writeObject()' method is missing CWE.499.SER-5
6:  'clone()' method is missing SECURITY.WSC.MCNC-5
6:  'writeObject()' method is missing SECURITY.WSC.SER-5
6:  "class" missing a no argument constructor: ContactForm CODSTA.POD.DCTOR-5
6:  "public" class without an '@invariant' contract: ContactForm DBC.PUBC-3
6:  Missing '@version' Javadoc tag: ContactForm JAVADOC.MVJDT-3
6:  Number of Javadoc comments are below thresholds (%): 8.0 METRICS.PJDC-3
6:  'readObject()' method is missing SECURITY.WSC.DSER-5
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
7:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
7:  Field 'name' is not initialized in its declaration INIT.CSI-4
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
8:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
8:  Field 'email' is not initialized in its declaration INIT.CSI-4
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'phone' is not initialized in its declaration INIT.CSI-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'message' is not initialized in its declaration INIT.CSI-4
12:  No JUnit test method defined for 'getName()' JUNIT.TEST-2
12:  The method 'getName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
12:  Globally unused "public" method: getName() GLOBAL.UPPM-4
12:  Getter method 'getName()' is not declared "final" OPT.MAF-5
16:  Setter method 'setName()' is not declared "final" OPT.MAF-5
16:  No JUnit test method defined for 'setName()' JUNIT.TEST-2
16:  Globally unused "public" method: setName() GLOBAL.UPPM-4
16:  Formal parameter 'name' is not declared as final CODSTA.BP.FPF-3
16:  The parameter 'name' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
16:  Parameter 'name' has the same name as a field OOP.HMF-3
20:  No JUnit test method defined for 'getEmail()' JUNIT.TEST-2
20:  The method 'getEmail' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
20:  Globally unused "public" method: getEmail() GLOBAL.UPPM-4
20:  Getter method 'getEmail()' is not declared "final" OPT.MAF-5
24:  Setter method 'setEmail()' is not declared "final" OPT.MAF-5
24:  No JUnit test method defined for 'setEmail()' JUNIT.TEST-2
24:  Globally unused "public" method: setEmail() GLOBAL.UPPM-4
24:  Formal parameter 'email' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'email' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'email' has the same name as a field OOP.HMF-3
28:  No JUnit test method defined for 'getPhone()' JUNIT.TEST-2
28:  The method 'getPhone' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
28:  Globally unused "public" method: getPhone() GLOBAL.UPPM-4
28:  Getter method 'getPhone()' is not declared "final" OPT.MAF-5
32:  Setter method 'setPhone()' is not declared "final" OPT.MAF-5
32:  No JUnit test method defined for 'setPhone()' JUNIT.TEST-2
32:  Globally unused "public" method: setPhone() GLOBAL.UPPM-4
32:  Formal parameter 'phone' is not declared as final CODSTA.BP.FPF-3
32:  The parameter 'phone' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
32:  Parameter 'phone' has the same name as a field OOP.HMF-3
36:  No JUnit test method defined for 'getMessage()' JUNIT.TEST-2
36:  The method 'getMessage' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
36:  Globally unused "public" method: getMessage() GLOBAL.UPPM-4
36:  Getter method 'getMessage()' is not declared "final" OPT.MAF-5
40:  Setter method 'setMessage()' is not declared "final" OPT.MAF-5
40:  No JUnit test method defined for 'setMessage()' JUNIT.TEST-2
40:  Globally unused "public" method: setMessage() GLOBAL.UPPM-4
40:  Formal parameter 'message' is not declared as final CODSTA.BP.FPF-3
40:  The parameter 'message' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
40:  Parameter 'message' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/CustomerForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  CustomerForm has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
8:  getter method without an @invariant contract: getCustomer() DBC.IGM-3
8:  getter method without an @invariant contract: getRepeatedPassword() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'CustomerForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.CustomerForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: CustomerForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "public" class without an '@invariant' contract: CustomerForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: CustomerForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 13.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
13:  No JUnit test method defined for 'CustomerForm()' JUNIT.TEST-2
13:  Missing Javadoc comment for method 'CustomerForm()' JAVADOC.PJDM-3
13:  Globally unused "public" constructor CustomerForm() GLOBAL.UPPM-4
13:  Field 'repeatedPassword', declared on line 11, is not initialized in this constructor nor in its declaration INIT.CSI-4
13:  Formal parameter 'customer' is not declared as final CODSTA.BP.FPF-3
13:  The parameter 'customer' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
13:  Parameter 'customer' has the same name as a field OOP.HMF-3
17:  No JUnit test method defined for 'CustomerForm()' JUNIT.TEST-2
17:  Missing Javadoc comment for method 'CustomerForm()' JAVADOC.PJDM-3
17:  Field 'repeatedPassword', declared on line 11, is not initialized in this constructor nor in its declaration INIT.CSI-4
21:  No JUnit test method defined for 'getCustomer()' JUNIT.TEST-2
21:  The method 'getCustomer' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
21:  Missing Javadoc comment for method 'getCustomer()' JAVADOC.PJDM-3
21:  Globally unused "public" method: getCustomer() GLOBAL.UPPM-4
21:  Getter method 'getCustomer()' is not declared "final" OPT.MAF-5
25:  Getter method 'getRepeatedPassword()' is not declared "final" OPT.MAF-5
25:  No JUnit test method defined for 'getRepeatedPassword()' JUNIT.TEST-2
25:  The method 'getRepeatedPassword' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
25:  Globally unused "public" method: getRepeatedPassword() GLOBAL.UPPM-4
29:  No JUnit test method defined for 'setRepeatedPassword()' JUNIT.TEST-2
29:  Globally unused "public" method: setRepeatedPassword() GLOBAL.UPPM-4
29:  Setter method 'setRepeatedPassword()' is not declared "final" OPT.MAF-5
29:  Formal parameter 'repeatedPassword' is not declared as final CODSTA.BP.FPF-3
29:  The parameter 'repeatedPassword' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
29:  Parameter 'repeatedPassword' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/FindTransactionForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getAccountId() DBC.IGM-3
8:  getter method without an @invariant contract: getCriteria() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'FindTransactionForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.FindTransactionForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: FindTransactionForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: FindTransactionForm CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: FindTransactionForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: FindTransactionForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 15.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'accountId' is not initialized in its declaration INIT.CSI-4
9:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'criteria' is not initialized in its declaration INIT.CSI-4
12:  No JUnit test method defined for 'getAccountId()' JUNIT.TEST-2
12:  Globally unused "public" method: getAccountId() GLOBAL.UPPM-4
12:  Getter method 'getAccountId()' is not declared "final" OPT.MAF-5
16:  Setter method 'setAccountId()' is not declared "final" OPT.MAF-5
16:  No JUnit test method defined for 'setAccountId()' JUNIT.TEST-2
16:  Globally unused "public" method: setAccountId() GLOBAL.UPPM-4
16:  Formal parameter 'accountId' is not declared as final CODSTA.BP.FPF-3
16:  The parameter 'accountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
16:  Parameter 'accountId' has the same name as a field OOP.HMF-3
16:  Variable 'accountId' does not end with 'int' NAMING.UHN-4
20:  No JUnit test method defined for 'getCriteria()' JUNIT.TEST-2
20:  The method 'getCriteria' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
20:  Globally unused "public" method: getCriteria() GLOBAL.UPPM-4
20:  Getter method 'getCriteria()' is not declared "final" OPT.MAF-5
24:  Setter method 'setCriteria()' is not declared "final" OPT.MAF-5
24:  No JUnit test method defined for 'setCriteria()' JUNIT.TEST-2
24:  Globally unused "public" method: setCriteria() GLOBAL.UPPM-4
24:  Formal parameter 'criteria' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'criteria' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'criteria' has the same name as a field OOP.HMF-3
27:  File should be terminated by a newline character APSC_DV.003215.TNL-3
27:  File should be terminated by a newline character FORMAT.TNL-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/LookupForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getFirstName() DBC.IGM-3
8:  getter method without an @invariant contract: getLastName() DBC.IGM-3
8:  getter method without an @invariant contract: getAddress() DBC.IGM-3
8:  getter method without an @invariant contract: getSsn() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'LookupForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.LookupForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: LookupForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: LookupForm CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: LookupForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: LookupForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 8.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'firstName' is not initialized in its declaration INIT.CSI-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'lastName' is not initialized in its declaration INIT.CSI-4
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Field 'address' is not initialized in its declaration INIT.CSI-4
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
12:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
12:  Field 'ssn' is not initialized in its declaration INIT.CSI-4
14:  No JUnit test method defined for 'getFirstName()' JUNIT.TEST-2
14:  The method 'getFirstName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
14:  Globally unused "public" method: getFirstName() GLOBAL.UPPM-4
14:  Getter method 'getFirstName()' is not declared "final" OPT.MAF-5
18:  Setter method 'setFirstName()' is not declared "final" OPT.MAF-5
18:  No JUnit test method defined for 'setFirstName()' JUNIT.TEST-2
18:  Globally unused "public" method: setFirstName() GLOBAL.UPPM-4
18:  Formal parameter 'firstName' is not declared as final CODSTA.BP.FPF-3
18:  The parameter 'firstName' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
18:  Parameter 'firstName' has the same name as a field OOP.HMF-3
22:  No JUnit test method defined for 'getLastName()' JUNIT.TEST-2
22:  The method 'getLastName' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
22:  Globally unused "public" method: getLastName() GLOBAL.UPPM-4
22:  Getter method 'getLastName()' is not declared "final" OPT.MAF-5
26:  Setter method 'setLastName()' is not declared "final" OPT.MAF-5
26:  No JUnit test method defined for 'setLastName()' JUNIT.TEST-2
26:  Globally unused "public" method: setLastName() GLOBAL.UPPM-4
26:  Formal parameter 'lastName' is not declared as final CODSTA.BP.FPF-3
26:  The parameter 'lastName' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
26:  Parameter 'lastName' has the same name as a field OOP.HMF-3
30:  No JUnit test method defined for 'getAddress()' JUNIT.TEST-2
30:  The method 'getAddress' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
30:  Globally unused "public" method: getAddress() GLOBAL.UPPM-4
30:  Getter method 'getAddress()' is not declared "final" OPT.MAF-5
34:  Setter method 'setAddress()' is not declared "final" OPT.MAF-5
34:  No JUnit test method defined for 'setAddress()' JUNIT.TEST-2
34:  Globally unused "public" method: setAddress() GLOBAL.UPPM-4
34:  Formal parameter 'address' is not declared as final CODSTA.BP.FPF-3
34:  The parameter 'address' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
34:  Parameter 'address' has the same name as a field OOP.HMF-3
38:  No JUnit test method defined for 'getSsn()' JUNIT.TEST-2
38:  The method 'getSsn' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
38:  Globally unused "public" method: getSsn() GLOBAL.UPPM-4
38:  Getter method 'getSsn()' is not declared "final" OPT.MAF-5
42:  Setter method 'setSsn()' is not declared "final" OPT.MAF-5
42:  No JUnit test method defined for 'setSsn()' JUNIT.TEST-2
42:  Globally unused "public" method: setSsn() GLOBAL.UPPM-4
42:  Formal parameter 'ssn' is not declared as final CODSTA.BP.FPF-3
42:  The parameter 'ssn' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
42:  Parameter 'ssn' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/OpenAccountForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getType() DBC.IGM-3
8:  getter method without an @invariant contract: getFromAccountId() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'OpenAccountForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.OpenAccountForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: OpenAccountForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: OpenAccountForm CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: OpenAccountForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: OpenAccountForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 15.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'type' is not initialized in its declaration INIT.CSI-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'fromAccountId' is not initialized in its declaration INIT.CSI-4
10:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
12:  No JUnit test method defined for 'getType()' JUNIT.TEST-2
12:  The method 'getType' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
12:  Globally unused "public" method: getType() GLOBAL.UPPM-4
12:  Getter method 'getType()' is not declared "final" OPT.MAF-5
16:  Setter method 'setType()' is not declared "final" OPT.MAF-5
16:  No JUnit test method defined for 'setType()' JUNIT.TEST-2
16:  Globally unused "public" method: setType() GLOBAL.UPPM-4
16:  Formal parameter 'type' is not declared as final CODSTA.BP.FPF-3
16:  The parameter 'type' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
16:  Parameter 'type' has the same name as a field OOP.HMF-3
20:  No JUnit test method defined for 'getFromAccountId()' JUNIT.TEST-2
20:  Globally unused "public" method: getFromAccountId() GLOBAL.UPPM-4
20:  Getter method 'getFromAccountId()' is not declared "final" OPT.MAF-5
24:  Setter method 'setFromAccountId()' is not declared "final" OPT.MAF-5
24:  No JUnit test method defined for 'setFromAccountId()' JUNIT.TEST-2
24:  Globally unused "public" method: setFromAccountId() GLOBAL.UPPM-4
24:  Formal parameter 'fromAccountId' is not declared as final CODSTA.BP.FPF-3
24:  The parameter 'fromAccountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
24:  Parameter 'fromAccountId' has the same name as a field OOP.HMF-3
24:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/RequestLoanForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getAmount() DBC.IGM-3
8:  getter method without an @invariant contract: getDownPayment() DBC.IGM-3
8:  getter method without an @invariant contract: getFromAccountId() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'RequestLoanForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.RequestLoanForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: RequestLoanForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: RequestLoanForm CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: RequestLoanForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: RequestLoanForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 10.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'amount' is not initialized in its declaration INIT.CSI-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'downPayment' is not initialized in its declaration INIT.CSI-4
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Field 'fromAccountId' is not initialized in its declaration INIT.CSI-4
11:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
13:  No JUnit test method defined for 'getAmount()' JUNIT.TEST-2
13:  The method 'getAmount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
13:  Globally unused "public" method: getAmount() GLOBAL.UPPM-4
13:  Getter method 'getAmount()' is not declared "final" OPT.MAF-5
17:  Setter method 'setAmount()' is not declared "final" OPT.MAF-5
17:  No JUnit test method defined for 'setAmount()' JUNIT.TEST-2
17:  Globally unused "public" method: setAmount() GLOBAL.UPPM-4
17:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
17:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
17:  Parameter 'amount' has the same name as a field OOP.HMF-3
21:  No JUnit test method defined for 'getDownPayment()' JUNIT.TEST-2
21:  The method 'getDownPayment' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
21:  Globally unused "public" method: getDownPayment() GLOBAL.UPPM-4
21:  Getter method 'getDownPayment()' is not declared "final" OPT.MAF-5
25:  Setter method 'setDownPayment()' is not declared "final" OPT.MAF-5
25:  No JUnit test method defined for 'setDownPayment()' JUNIT.TEST-2
25:  Globally unused "public" method: setDownPayment() GLOBAL.UPPM-4
25:  Formal parameter 'downPayment' is not declared as final CODSTA.BP.FPF-3
25:  The parameter 'downPayment' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
25:  Parameter 'downPayment' has the same name as a field OOP.HMF-3
29:  No JUnit test method defined for 'getFromAccountId()' JUNIT.TEST-2
29:  Globally unused "public" method: getFromAccountId() GLOBAL.UPPM-4
29:  Getter method 'getFromAccountId()' is not declared "final" OPT.MAF-5
33:  Setter method 'setFromAccountId()' is not declared "final" OPT.MAF-5
33:  No JUnit test method defined for 'setFromAccountId()' JUNIT.TEST-2
33:  Globally unused "public" method: setFromAccountId() GLOBAL.UPPM-4
33:  Formal parameter 'fromAccountId' is not declared as final CODSTA.BP.FPF-3
33:  The parameter 'fromAccountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
33:  Parameter 'fromAccountId' has the same name as a field OOP.HMF-3
33:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/web/form/TransferForm.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  Javadoc comment could be refitted to a single line JAVADOC.SINGLE-3
8:  Public clone method missing CERT.OBJ05.MUCOP-1
8:  Static creation method missing CERT.OBJ05.MUCOP-1
8:  Copy constructor missing CERT.OBJ05.MUCOP-1
8:  Public clone method missing CERT.OBJ06.MUCOP-2
8:  Static creation method missing CERT.OBJ06.MUCOP-2
8:  Copy constructor missing CERT.OBJ06.MUCOP-2
8:  'clone()' method is missing CERT.OBJ07.MCNC-2
8:  Public clone method missing CERT.OBJ04.MUCOP-3
8:  Static creation method missing CERT.OBJ04.MUCOP-3
8:  Copy constructor missing CERT.OBJ04.MUCOP-3
8:  getter method without an @invariant contract: getAmount() DBC.IGM-3
8:  getter method without an @invariant contract: getFromAccountId() DBC.IGM-3
8:  getter method without an @invariant contract: getToAccountId() DBC.IGM-3
8:  Missing Javadoc tag '@since' for class 'TransferForm' JAVADOC.ECTT-3
8:  Public clone method missing OOP.MUCOP-3
8:  Static creation method missing OOP.MUCOP-3
8:  Copy constructor missing OOP.MUCOP-3
8:  Globally unused "public" class: com.parasoft.parabank.web.form.TransferForm GLOBAL.UPPC-4
8:  Missing '@author' Javadoc tag: TransferForm JAVADOC.MAJDT-4
8:  'writeObject()' method is missing CWE.499.SER-5
8:  'clone()' method is missing SECURITY.WSC.MCNC-5
8:  'writeObject()' method is missing SECURITY.WSC.SER-5
8:  "class" missing a no argument constructor: TransferForm CODSTA.POD.DCTOR-5
8:  "public" class without an '@invariant' contract: TransferForm DBC.PUBC-3
8:  Missing '@version' Javadoc tag: TransferForm JAVADOC.MVJDT-3
8:  Number of Javadoc comments are below thresholds (%): 10.0 METRICS.PJDC-3
8:  'readObject()' method is missing SECURITY.WSC.DSER-5
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
9:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
9:  Field 'amount' is not initialized in its declaration INIT.CSI-4
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
10:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
10:  Field 'fromAccountId' is not initialized in its declaration INIT.CSI-4
10:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) APSC_DV.003215.U2BL-3
11:  Use 1 blank line before every declaration of the same kind (or corresponding Javadoc) FORMAT.U2BL-3
11:  Field 'toAccountId' is not initialized in its declaration INIT.CSI-4
11:  Variable 'toAccountId' does not end with 'int' NAMING.UHN-4
13:  No JUnit test method defined for 'getAmount()' JUNIT.TEST-2
13:  The method 'getAmount' does not have a Javadoc comment describing whether or not the method can return null JAVADOC.CRN-3
13:  Globally unused "public" method: getAmount() GLOBAL.UPPM-4
13:  Getter method 'getAmount()' is not declared "final" OPT.MAF-5
17:  Setter method 'setAmount()' is not declared "final" OPT.MAF-5
17:  No JUnit test method defined for 'setAmount()' JUNIT.TEST-2
17:  Globally unused "public" method: setAmount() GLOBAL.UPPM-4
17:  Formal parameter 'amount' is not declared as final CODSTA.BP.FPF-3
17:  The parameter 'amount' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
17:  Parameter 'amount' has the same name as a field OOP.HMF-3
21:  No JUnit test method defined for 'getFromAccountId()' JUNIT.TEST-2
21:  Globally unused "public" method: getFromAccountId() GLOBAL.UPPM-4
21:  Getter method 'getFromAccountId()' is not declared "final" OPT.MAF-5
25:  Setter method 'setFromAccountId()' is not declared "final" OPT.MAF-5
25:  No JUnit test method defined for 'setFromAccountId()' JUNIT.TEST-2
25:  Globally unused "public" method: setFromAccountId() GLOBAL.UPPM-4
25:  Formal parameter 'fromAccountId' is not declared as final CODSTA.BP.FPF-3
25:  The parameter 'fromAccountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
25:  Parameter 'fromAccountId' has the same name as a field OOP.HMF-3
25:  Variable 'fromAccountId' does not end with 'int' NAMING.UHN-4
29:  No JUnit test method defined for 'getToAccountId()' JUNIT.TEST-2
29:  Globally unused "public" method: getToAccountId() GLOBAL.UPPM-4
29:  Getter method 'getToAccountId()' is not declared "final" OPT.MAF-5
33:  Setter method 'setToAccountId()' is not declared "final" OPT.MAF-5
33:  No JUnit test method defined for 'setToAccountId()' JUNIT.TEST-2
33:  Globally unused "public" method: setToAccountId() GLOBAL.UPPM-4
33:  Formal parameter 'toAccountId' is not declared as final CODSTA.BP.FPF-3
33:  The parameter 'toAccountId' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
33:  Parameter 'toAccountId' has the same name as a field OOP.HMF-3
33:  Variable 'toAccountId' does not end with 'int' NAMING.UHN-4

dev - Nick Rapoport  Total Findings :  233 Back to Top    

/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/ConfigurableLoanProvider.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
6:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.LoanRequest CODSTA.ORG.ORIMP-5
8:  "import com.parasoft.parabank.domain.logic.AdminManager" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
8:  "import com.parasoft.parabank.domain.logic.AdminManager" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
10:  "import com.parasoft.parabank.service.AdminManagerAware" not separated by 1 blank line from previous "import" from a different package APSC_DV.003215.BLSIM-3
10:  "import com.parasoft.parabank.service.AdminManagerAware" not separated by 1 blank line from previous "import" from a different package FORMAT.BLSIM-3
12:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
12:  Use 2 blank lines before type declaration FORMAT.BLCD-3
24:  Line is longer than 80 characters: 104 APSC_DV.003215.LL-3
24:  Line is longer than 80 characters: 104 FORMAT.LL-3
24:  Public clone method missing CERT.OBJ05.MUCOP-1
24:  Static creation method missing CERT.OBJ05.MUCOP-1
24:  Copy constructor missing CERT.OBJ05.MUCOP-1
24:  Public clone method missing CERT.OBJ06.MUCOP-2
24:  Static creation method missing CERT.OBJ06.MUCOP-2
24:  Copy constructor missing CERT.OBJ06.MUCOP-2
24:  'clone()' method is missing CERT.OBJ07.MCNC-2
24:  Public clone method missing CERT.OBJ04.MUCOP-3
24:  Static creation method missing CERT.OBJ04.MUCOP-3
24:  Copy constructor missing CERT.OBJ04.MUCOP-3
24:  getter method without an @invariant contract: getAdminManager() DBC.IGM-3
24:  getter method without an @invariant contract: getLoanProviders() DBC.IGM-3
24:  getter method without an @invariant contract: getParameter() DBC.IGM-3
24:  Missing Javadoc tag '@since' for class 'ConfigurableLoanProvider' JAVADOC.ECTT-3
24:  Public clone method missing OOP.MUCOP-3
24:  Static creation method missing OOP.MUCOP-3
24:  Copy constructor missing OOP.MUCOP-3
24:  Globally unused "public" class: com.parasoft.parabank.domain.logic.impl.ConfigurableLoanProvider GLOBAL.UPPC-4
24:  'writeObject()' method is missing CWE.499.SER-5
24:  'clone()' method is missing SECURITY.WSC.MCNC-5
24:  'writeObject()' method is missing SECURITY.WSC.SER-5
24:  'readObject()' method is missing SECURITY.WSC.DSER-5
24:  "class" missing a no argument constructor: ConfigurableLoanProvider CODSTA.POD.DCTOR-5
24:  "public" class without an '@invariant' contract: ConfigurableLoanProvider DBC.PUBC-3
24:  Missing '@version' Javadoc tag: ConfigurableLoanProvider JAVADOC.MVJDT-3
24:  interface type 'LoanProvider' is used MOBILE.AUI-3
24:  interface type 'AdminManagerAware' is used MOBILE.AUI-3
24:  interface type 'LoanProviderMapAware' is used MOBILE.AUI-3
25:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
25:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
25:  interface type 'AdminManager' is used MOBILE.AUI-3
25:  Field 'adminManager' is not initialized in its declaration INIT.CSI-4
27:  interface type 'Map' is used MOBILE.AUI-3
27:  interface type 'LoanProvider' is used MOBILE.AUI-3
27:  Field 'loanProviders' is not initialized in its declaration INIT.CSI-4
29:  Field 'parameter' is not initialized in its declaration INIT.CSI-4
33:  interface type 'AdminManager' is used MOBILE.AUI-3
33:  No JUnit test method defined for 'getAdminManager()' JUNIT.TEST-2
33:  The method 'getAdminManager' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
33:  Missing Javadoc tag '@since' for method 'getAdminManager()' JAVADOC.ECTM-3
33:  "public" method without a '@post' contract: getAdminManager () DBC.PUBMPOST-3
33:  "public" method without a '@pre' contract: getAdminManager DBC.PUBMPRE-3
33:  Getter method 'getAdminManager()' is not declared "final" OPT.MAF-5
47:  interface type 'LoanProvider' is used MOBILE.AUI-3
47:  The '@post'/'@return' tag(s) for the method 'getLoanProvider' do not properly describe whether or not the method can return null JAVADOC.CRN-3
47:  "private" method without a '@post' contract: getLoanProvider () DBC.PRIMPOST-5
47:  "private" method without a '@pre' contract: getLoanProvider () DBC.PRIMPRE-5
48:  The declaration of the local variable 'type' is not followed by a comment CODSTA.READ.CLV-5
48:  Access the field 'parameter' directly instead of using the method 'getParameter' CODSTA.READ.AFD-3
48:  getter method 'getParameter' is used MOBILE.AMA-3
49:  Access the field 'loanProviders' directly instead of using the method 'getLoanProviders' CODSTA.READ.AFD-3
49:  The return value of 'getLoanProviders()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
49:  getter method 'getLoanProviders' is used MOBILE.AMA-3
54:  interface type 'Map' is used MOBILE.AUI-3
54:  interface type 'LoanProvider' is used MOBILE.AUI-3
54:  No JUnit test method defined for 'getLoanProviders()' JUNIT.TEST-2
54:  Elements in 'ConfigurableLoanProvider' not ordered appropriately, first violation: method 'getLoanProviders' at line 52 should be placed before method 'getLoanProvider' at line 37 CODSTA.ORG.FO-3
54:  The method 'getLoanProviders' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
54:  Missing Javadoc tag '@since' for method 'getLoanProviders()' JAVADOC.ECTM-3
54:  Method 'getLoanProviders()' should be declared "final" GLOBAL.SPPM-5
54:  "public" method without a '@post' contract: getLoanProviders () DBC.PUBMPOST-3
54:  "public" method without a '@pre' contract: getLoanProviders DBC.PUBMPRE-3
54:  Getter method 'getLoanProviders()' is not declared "final" OPT.MAF-5
60:  "public" method without a '@post' contract: getParameter () DBC.PUBMPOST-3
60:  "public" method without a '@pre' contract: getParameter DBC.PUBMPRE-3
60:  Getter method 'getParameter()' is not declared "final" OPT.MAF-5
60:  No JUnit test method defined for 'getParameter()' JUNIT.TEST-2
60:  The method 'getParameter' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
60:  Missing Javadoc tag '@since' for method 'getParameter()' JAVADOC.ECTM-3
60:  Method 'getParameter()' should be declared "final" GLOBAL.SPPM-5
66:  interface type 'Set' is used MOBILE.AUI-3
66:  No JUnit test method defined for 'getProviderNames()' JUNIT.TEST-2
66:  The method 'getProviderNames' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
66:  Missing Javadoc tag '@since' for method 'getProviderNames()' JAVADOC.ECTM-3
66:  "public" method without a '@post' contract: getProviderNames () DBC.PUBMPOST-3
66:  "public" method without a '@pre' contract: getProviderNames DBC.PUBMPRE-3
67:  Access the field 'loanProviders' directly instead of using the method 'getLoanProviders' CODSTA.READ.AFD-3
67:  The return value of 'getLoanProviders()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
67:  getter method 'getLoanProviders' is used MOBILE.AMA-3
72:  No JUnit test method defined for 'requestLoan()' JUNIT.TEST-2
72:  The method 'requestLoan' should include an '@post' or '@return' tag describing whether or not the method can return null JAVADOC.CRN-3
72:  Missing Javadoc tag '@since' for method 'requestLoan()' JAVADOC.ECTM-3
72:  "public" method without a '@post' contract: requestLoan () DBC.PUBMPOST-3
72:  "public" method without a '@pre' contract: requestLoan DBC.PUBMPRE-3
 +  72:  Method "requestLoan" is calling itself BD.PB.RECFUN-5
73:  The return value of 'getLoanProvider()' is not guaranteed by a DbC annotation to be non-null DBC.IMNR-3
78:  No JUnit test method defined for 'setAdminManager()' JUNIT.TEST-2
78:  Missing Javadoc tag '@since' for method 'setAdminManager()' JAVADOC.ECTM-3
78:  "public" method without a '@post' contract: setAdminManager () DBC.PUBMPOST-3
78:  "public" method without a '@pre' contract: setAdminManager DBC.PUBMPRE-3
78:  Setter method 'setAdminManager()' is not declared "final" OPT.MAF-5
78:  interface type 'AdminManager' is used MOBILE.AUI-3
78:  The parameter 'adminManager' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
78:  Parameter 'adminManager' has the same name as a field OOP.HMF-3
84:  Line is longer than 80 characters: 81 APSC_DV.003215.LL-3
84:  Line is longer than 80 characters: 81 FORMAT.LL-3
84:  No JUnit test method defined for 'setLoanProviders()' JUNIT.TEST-2
84:  Missing Javadoc tag '@since' for method 'setLoanProviders()' JAVADOC.ECTM-3
84:  "public" method without a '@post' contract: setLoanProviders () DBC.PUBMPOST-3
84:  "public" method without a '@pre' contract: setLoanProviders DBC.PUBMPRE-3
84:  Setter method 'setLoanProviders()' is not declared "final" OPT.MAF-5
84:  interface type 'Map' is used MOBILE.AUI-3
84:  interface type 'LoanProvider' is used MOBILE.AUI-3
84:  The parameter 'loanProviders' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
84:  Parameter 'loanProviders' has the same name as a field OOP.HMF-3
90:  No JUnit test method defined for 'setParameter()' JUNIT.TEST-2
90:  Missing Javadoc tag '@since' for method 'setParameter()' JAVADOC.ECTM-3
90:  "public" method without a '@post' contract: setParameter () DBC.PUBMPOST-3
90:  "public" method without a '@pre' contract: setParameter DBC.PUBMPRE-3
90:  Setter method 'setParameter()' is not declared "final" OPT.MAF-5
90:  The parameter 'parameter' uses the same name as a field declared in an enclosing scope, which may cause confusion OOP.HIF-3
90:  Parameter 'parameter' has the same name as a field OOP.HMF-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/domain/logic/impl/LoanProviderMapAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
6:  "import" not presented in alphabetical order: com.parasoft.parabank.domain.logic.LoanProvider CODSTA.ORG.ORIMP-5
8:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
8:  Use 2 blank lines before type declaration FORMAT.BLCD-3
21:  Public clone method missing CERT.OBJ05.MUCOP-1
21:  Static creation method missing CERT.OBJ05.MUCOP-1
21:  Copy constructor missing CERT.OBJ05.MUCOP-1
21:  Public clone method missing CERT.OBJ06.MUCOP-2
21:  Static creation method missing CERT.OBJ06.MUCOP-2
21:  Copy constructor missing CERT.OBJ06.MUCOP-2
21:  'clone()' method is missing CERT.OBJ07.MCNC-2
21:  Public clone method missing CERT.OBJ04.MUCOP-3
21:  Static creation method missing CERT.OBJ04.MUCOP-3
21:  Copy constructor missing CERT.OBJ04.MUCOP-3
21:  Missing Javadoc tag '@since' for interface 'LoanProviderMapAware' JAVADOC.ECTT-3
21:  Public clone method missing OOP.MUCOP-3
21:  Static creation method missing OOP.MUCOP-3
21:  Copy constructor missing OOP.MUCOP-3
21:  Interface 'com.parasoft.parabank.domain.logic.impl.LoanProviderMapAware' should be declared "package-private" GLOBAL.DPPC-4
21:  'writeObject()' method is missing CWE.499.SER-5
21:  'clone()' method is missing SECURITY.WSC.MCNC-5
21:  'writeObject()' method is missing SECURITY.WSC.SER-5
21:  Missing '@version' Javadoc tag: LoanProviderMapAware JAVADOC.MVJDT-3
33:  interface type 'Map' is used MOBILE.AUI-3
33:  interface type 'LoanProvider' is used MOBILE.AUI-3
33:  The '@post'/'@return' tag(s) for the method 'getLoanProviders' do not properly describe whether or not the method can return null JAVADOC.CRN-3
33:  "public" method without a '@post' contract: getLoanProviders () DBC.PUBMPOST-3
33:  "public" method without a '@pre' contract: getLoanProviders DBC.PUBMPRE-3
45:  "public" method without a '@post' contract: getParameter () DBC.PUBMPOST-3
45:  "public" method without a '@pre' contract: getParameter DBC.PUBMPRE-3
45:  The '@post'/'@return' tag(s) for the method 'getParameter' do not properly describe whether or not the method can return null JAVADOC.CRN-3
57:  interface type 'Set' is used MOBILE.AUI-3
57:  The '@post'/'@return' tag(s) for the method 'getProviderNames' do not properly describe whether or not the method can return null JAVADOC.CRN-3
57:  "public" method without a '@post' contract: getProviderNames () DBC.PUBMPOST-3
57:  "public" method without a '@pre' contract: getProviderNames DBC.PUBMPRE-3
70:  "public" method without a '@post' contract: setLoanProviders () DBC.PUBMPOST-3
70:  "public" method without a '@pre' contract: setLoanProviders DBC.PUBMPRE-3
70:  interface type 'Map' is used MOBILE.AUI-3
70:  interface type 'LoanProvider' is used MOBILE.AUI-3
83:  "public" method without a '@post' contract: setParameter () DBC.PUBMPOST-3
83:  "public" method without a '@pre' contract: setParameter DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/LoanProcessorAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
5:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
5:  Use 2 blank lines before type declaration FORMAT.BLCD-3
5:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * * @author dev - Nick Rapoport *" CODSTA.ORG.TODOJAVA-4
5:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * * @author dev - Nick Rapoport *" CWE.546.TODOJAVA-4
15:  Public clone method missing CERT.OBJ05.MUCOP-1
15:  Static creation method missing CERT.OBJ05.MUCOP-1
15:  Copy constructor missing CERT.OBJ05.MUCOP-1
15:  Public clone method missing CERT.OBJ06.MUCOP-2
15:  Static creation method missing CERT.OBJ06.MUCOP-2
15:  Copy constructor missing CERT.OBJ06.MUCOP-2
15:  'clone()' method is missing CERT.OBJ07.MCNC-2
15:  Public clone method missing CERT.OBJ04.MUCOP-3
15:  Static creation method missing CERT.OBJ04.MUCOP-3
15:  Copy constructor missing CERT.OBJ04.MUCOP-3
15:  Missing Javadoc tag '@since' for interface 'LoanProcessorAware' JAVADOC.ECTT-3
15:  Public clone method missing OOP.MUCOP-3
15:  Static creation method missing OOP.MUCOP-3
15:  Copy constructor missing OOP.MUCOP-3
15:  Interface 'com.parasoft.parabank.service.LoanProcessorAware' should be declared "package-private" GLOBAL.DPPC-4
15:  'writeObject()' method is missing CWE.499.SER-5
15:  'clone()' method is missing SECURITY.WSC.MCNC-5
15:  'writeObject()' method is missing SECURITY.WSC.SER-5
15:  Missing '@version' Javadoc tag: LoanProcessorAware JAVADOC.MVJDT-3
17:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add setLoanProcessor description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * @param loanProcessor" CODSTA.ORG.TODOJAVA-4
17:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add setLoanProcessor description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * @param loanProcessor" CWE.546.TODOJAVA-4
23:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
25:  "public" method without a '@post' contract: setLoanProcessor () DBC.PUBMPOST-3
25:  "public" method without a '@pre' contract: setLoanProcessor DBC.PUBMPRE-3
25:  interface type 'LoanProvider' is used MOBILE.AUI-3
35:  interface type 'LoanProvider' is used MOBILE.AUI-3
35:  The '@post'/'@return' tag(s) for the method 'getLoanProcessor' do not properly describe whether or not the method can return null JAVADOC.CRN-3
35:  "public" method without a '@post' contract: getLoanProcessor () DBC.PUBMPOST-3
35:  "public" method without a '@pre' contract: getLoanProcessor DBC.PUBMPRE-3
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/service/LoanProviderNameAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * * @author dev - Nick Rapoport *" CODSTA.ORG.TODOJAVA-4
3:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * * @author dev - Nick Rapoport *" CWE.546.TODOJAVA-4
13:  Public clone method missing CERT.OBJ05.MUCOP-1
13:  Static creation method missing CERT.OBJ05.MUCOP-1
13:  Copy constructor missing CERT.OBJ05.MUCOP-1
13:  Public clone method missing CERT.OBJ06.MUCOP-2
13:  Static creation method missing CERT.OBJ06.MUCOP-2
13:  Copy constructor missing CERT.OBJ06.MUCOP-2
13:  'clone()' method is missing CERT.OBJ07.MCNC-2
13:  Public clone method missing CERT.OBJ04.MUCOP-3
13:  Static creation method missing CERT.OBJ04.MUCOP-3
13:  Copy constructor missing CERT.OBJ04.MUCOP-3
13:  Missing Javadoc tag '@since' for interface 'LoanProviderNameAware' JAVADOC.ECTT-3
13:  Public clone method missing OOP.MUCOP-3
13:  Static creation method missing OOP.MUCOP-3
13:  Copy constructor missing OOP.MUCOP-3
13:  Interface 'com.parasoft.parabank.service.LoanProviderNameAware' should be declared "package-private" GLOBAL.DPPC-4
13:  'writeObject()' method is missing CWE.499.SER-5
13:  'clone()' method is missing SECURITY.WSC.MCNC-5
13:  'writeObject()' method is missing SECURITY.WSC.SER-5
13:  Missing '@version' Javadoc tag: LoanProviderNameAware JAVADOC.MVJDT-3
15:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add setLoanProviderName description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * @param loanProviderName" CODSTA.ORG.TODOJAVA-4
15:  The code contains a "TODO" comment: "* <DL><DT>Description:</DT><DD> * TODO add setLoanProviderName description * </DD> * <DT>Date:</DT><DD>Jun 6, 2016</DD> * </DL> * @param loanProviderName" CWE.546.TODOJAVA-4
21:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
23:  "public" method without a '@post' contract: setLoanProviderName () DBC.PUBMPOST-3
23:  "public" method without a '@pre' contract: setLoanProviderName DBC.PUBMPRE-3
33:  "public" method without a '@post' contract: getLoanProviderName () DBC.PUBMPOST-3
33:  "public" method without a '@pre' contract: getLoanProviderName DBC.PUBMPRE-3
33:  The '@post'/'@return' tag(s) for the method 'getLoanProviderName' do not properly describe whether or not the method can return null JAVADOC.CRN-3

nrapo - Nick Rapoport  Total Findings :  147 Back to Top    

/com.parasoft:parabank/src/main/java/com/parasoft/parabank/util/HostPort.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
3:  The code contains a "TODO" comment: "* <DL> * <DT>Description:</DT> * <DD>TODO add description</DD> * <DT>Date:</DT> * <DD>Oct 9, 2015</DD> * </DL> * * @author nrapo - Nick Rapoport *" CODSTA.ORG.TODOJAVA-4
3:  The code contains a "TODO" comment: "* <DL> * <DT>Description:</DT> * <DD>TODO add description</DD> * <DT>Date:</DT> * <DD>Oct 9, 2015</DD> * </DL> * * @author nrapo - Nick Rapoport *" CWE.546.TODOJAVA-4
14:  Public clone method missing CERT.OBJ05.MUCOP-1
14:  Static creation method missing CERT.OBJ05.MUCOP-1
14:  Copy constructor missing CERT.OBJ05.MUCOP-1
14:  Public clone method missing CERT.OBJ06.MUCOP-2
14:  Static creation method missing CERT.OBJ06.MUCOP-2
14:  Copy constructor missing CERT.OBJ06.MUCOP-2
14:  'clone()' method is missing CERT.OBJ07.MCNC-2
14:  Public clone method missing CERT.OBJ04.MUCOP-3
14:  Static creation method missing CERT.OBJ04.MUCOP-3
14:  Copy constructor missing CERT.OBJ04.MUCOP-3
14:  HostPort has multiple constructors and should use chain constructors CODSTA.POD.CHAIN-3
14:  getter method without an @invariant contract: getHost() DBC.IGM-3
14:  getter method without an @invariant contract: getPort() DBC.IGM-3
14:  Missing Javadoc tag '@since' for class 'HostPort' JAVADOC.ECTT-3
14:  Public clone method missing OOP.MUCOP-3
14:  Static creation method missing OOP.MUCOP-3
14:  Copy constructor missing OOP.MUCOP-3
14:  Globally unused "public" class: com.parasoft.parabank.util.HostPort GLOBAL.UPPC-4
14:  'writeObject()' method is missing CWE.499.SER-5
14:  'clone()' method is missing SECURITY.WSC.MCNC-5
14:  'writeObject()' method is missing SECURITY.WSC.SER-5
14:  "public" class without an '@invariant' contract: HostPort DBC.PUBC-3
14:  Missing '@version' Javadoc tag: HostPort JAVADOC.MVJDT-3
14:  'readObject()' method is missing SECURITY.WSC.DSER-5
15:  Use 1 blank line before every field declaration (or corresponding Javadoc) APSC_DV.003215.U2BL-3
15:  Use 1 blank line before every field declaration (or corresponding Javadoc) FORMAT.U2BL-3
17:  Variable 'port' does not end with 'int' NAMING.UHN-4
27:  No JUnit test method defined for 'HostPort()' JUNIT.TEST-2
27:  Missing Javadoc tag '@since' for method 'HostPort()' JAVADOC.ECTM-3
27:  Field 'port', declared on line 17, is not initialized in this constructor nor in its declaration INIT.CSI-4
27:  Field 'host', declared on line 15, is not initialized in this constructor nor in its declaration INIT.CSI-4
27:  "public" method without a '@post' contract: HostPort () DBC.PUBMPOST-3
27:  "public" method without a '@pre' contract: HostPort DBC.PUBMPRE-3
27:  This block should contain a comment explaining why it is empty CODSTA.READ.CEB-3
39:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
40:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
42:  No JUnit test method defined for 'HostPort()' JUNIT.TEST-2
42:  Missing Javadoc tag '@since' for method 'HostPort()' JAVADOC.ECTM-3
42:  Globally unused "public" constructor HostPort() GLOBAL.UPPM-4
42:  "public" method without a '@post' contract: HostPort () DBC.PUBMPOST-3
42:  "public" method without a '@pre' contract: HostPort DBC.PUBMPRE-3
42:  Variable 'aPort' does not end with 'int' NAMING.UHN-4
58:  No JUnit test method defined for 'getHost()' JUNIT.TEST-2
58:  The '@post'/'@return' tag(s) for the method 'getHost' do not properly describe whether or not the method can return null JAVADOC.CRN-3
58:  Missing Javadoc tag '@since' for method 'getHost()' JAVADOC.ECTM-3
58:  Method 'getHost()' should be declared "private" CWE.749.DPPM-4
58:  Method 'getHost()' should be declared "private" GLOBAL.DPPM-4
58:  Method 'getHost()' should be declared "final" GLOBAL.SPPM-5
58:  "public" method without a '@post' contract: getHost () DBC.PUBMPOST-3
58:  "public" method without a '@pre' contract: getHost DBC.PUBMPRE-3
58:  Getter method 'getHost()' is not declared "final" OPT.MAF-5
72:  "public" method without a '@post' contract: getPort () DBC.PUBMPOST-3
72:  "public" method without a '@pre' contract: getPort DBC.PUBMPRE-3
72:  Getter method 'getPort()' is not declared "final" OPT.MAF-5
72:  No JUnit test method defined for 'getPort()' JUNIT.TEST-2
72:  Missing Javadoc tag '@since' for method 'getPort()' JAVADOC.ECTM-3
72:  Method 'getPort()' should be declared "private" CWE.749.DPPM-4
72:  Method 'getPort()' should be declared "private" GLOBAL.DPPM-4
72:  Method 'getPort()' should be declared "final" GLOBAL.SPPM-5
92:  No JUnit test method defined for 'isHostSet()' JUNIT.TEST-2
92:  Missing Javadoc tag '@since' for method 'isHostSet()' JAVADOC.ECTM-3
92:  Method 'isHostSet()' should be declared "private" CWE.749.DPPM-4
92:  Method 'isHostSet()' should be declared "private" GLOBAL.DPPM-4
92:  Method 'isHostSet()' should be declared "final" GLOBAL.SPPM-5
92:  "public" method without a '@post' contract: isHostSet () DBC.PUBMPOST-3
92:  "public" method without a '@pre' contract: isHostSet DBC.PUBMPRE-3
93:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
93:  Missing '()' to separate complex expression FORMAT.APAREN-3
93:  "!=" is used when comparing 'String' Objects. 'equals()' should be used instead CWE.595.UEIC-2
93:  "!=" is used when comparing 'String' Objects. 'equals()' should be used instead PB.CUB.UEIC-2
93:  Missing '()' to separate complex expression APSC_DV.003215.APAREN-3
93:  "!=" is used when comparing 'String' Objects. 'equals()' should be used instead CERT.EXP02.UEIC-3
93:  "!=" is used when comparing 'String' Objects. 'equals()' should be used instead CERT.EXP03.UEIC-3
93:  Missing '()' to separate complex expression FORMAT.APAREN-3
93:  The String literal "" is used SECURITY.WSC.SL-3
112:  "public" method without a '@post' contract: isPortSet () DBC.PUBMPOST-3
112:  "public" method without a '@pre' contract: isPortSet DBC.PUBMPRE-3
112:  No JUnit test method defined for 'isPortSet()' JUNIT.TEST-2
112:  Missing Javadoc tag '@since' for method 'isPortSet()' JAVADOC.ECTM-3
112:  Method 'isPortSet()' should be declared "private" CWE.749.DPPM-4
112:  Method 'isPortSet()' should be declared "private" GLOBAL.DPPM-4
112:  Method 'isPortSet()' should be declared "final" GLOBAL.SPPM-5
127:  No JUnit test method defined for 'setHost()' JUNIT.TEST-2
127:  Missing Javadoc tag '@since' for method 'setHost()' JAVADOC.ECTM-3
127:  Globally unused "public" method: setHost() GLOBAL.UPPM-4
127:  "public" method without a '@post' contract: setHost () DBC.PUBMPOST-3
127:  "public" method without a '@pre' contract: setHost DBC.PUBMPRE-3
127:  Setter method 'setHost()' is not declared "final" OPT.MAF-5
142:  "public" method without a '@post' contract: setPort () DBC.PUBMPOST-3
142:  "public" method without a '@pre' contract: setPort DBC.PUBMPRE-3
142:  Setter method 'setPort()' is not declared "final" OPT.MAF-5
142:  No JUnit test method defined for 'setPort()' JUNIT.TEST-2
142:  Missing Javadoc tag '@since' for method 'setPort()' JAVADOC.ECTM-3
142:  Globally unused "public" method: setPort() GLOBAL.UPPM-4
142:  Variable 'aPort' does not end with 'int' NAMING.UHN-4
160:  The '@post'/'@return' tag(s) for the method 'toString' do not properly describe whether or not the method can return null JAVADOC.CRN-3
160:  Missing Javadoc tag '@since' for method 'toString()' JAVADOC.ECTM-3
160:  "public" method without a '@post' contract: toString () DBC.PUBMPOST-3
160:  "public" method without a '@pre' contract: toString DBC.PUBMPRE-3
161:  Line is longer than 80 characters: 90 APSC_DV.003215.LL-3
161:  Line is longer than 80 characters: 90 FORMAT.LL-3
161:  The declaration of the local variable 'sb' is not followed by a comment CODSTA.READ.CLV-5
161:  Access the field 'host' directly instead of using the method 'getHost' CODSTA.READ.AFD-3
161:  getter method 'getHost' is used MOBILE.AMA-3
161:  Non internationalized string: "localhost" INTER.ITT-3
162:  Single character ':' using double quotes in string concatenation OPT.STR-3
162:  The literal ":" used instead of "File.pathSeparator" PORT.PSC-3
162:  The String literal ":" is used SECURITY.WSC.SL-3
162:  Called 'toString()' implicitly on a numeric object INTER.NTS-4
162:  Access the field 'port' directly instead of using the method 'getPort' CODSTA.READ.AFD-3
162:  getter method 'getPort' is used MOBILE.AMA-3
162:  Literal constant is used: 8080 CODSTA.READ.USN-2
/com.parasoft:parabank/src/main/java/com/parasoft/parabank/util/IAccessModeControllerAware.java
1:  This source file does not include a file header comment FORMAT.MCH-2
1:  This source file does not include a file header comment APSC_DV.003215.MCH-3
3:  Use 2 blank lines before type declaration APSC_DV.003215.BLCD-3
3:  Use 2 blank lines before type declaration FORMAT.BLCD-3
6:  Comment line is longer than 80 characters: 87 APSC_DV.003215.LL-3
6:  Comment line is longer than 80 characters: 87 FORMAT.LL-3
14:  Public clone method missing CERT.OBJ05.MUCOP-1
14:  Static creation method missing CERT.OBJ05.MUCOP-1
14:  Copy constructor missing CERT.OBJ05.MUCOP-1
14:  Public clone method missing CERT.OBJ06.MUCOP-2
14:  Static creation method missing CERT.OBJ06.MUCOP-2
14:  Copy constructor missing CERT.OBJ06.MUCOP-2
14:  'clone()' method is missing CERT.OBJ07.MCNC-2
14:  Public clone method missing CERT.OBJ04.MUCOP-3
14:  Static creation method missing CERT.OBJ04.MUCOP-3
14:  Copy constructor missing CERT.OBJ04.MUCOP-3
14:  Missing Javadoc tag '@since' for interface 'IAccessModeControllerAware' JAVADOC.ECTT-3
14:  Public clone method missing OOP.MUCOP-3
14:  Static creation method missing OOP.MUCOP-3
14:  Copy constructor missing OOP.MUCOP-3
14:  The interface 'IAccessModeControllerAware' is never implemented GLOBAL.NIE-4
14:  Globally unused "public" interface: com.parasoft.parabank.util.IAccessModeControllerAware GLOBAL.UPPC-4
14:  'writeObject()' method is missing CWE.499.SER-5
14:  'clone()' method is missing SECURITY.WSC.MCNC-5
14:  'writeObject()' method is missing SECURITY.WSC.SER-5
14:  Missing '@version' Javadoc tag: IAccessModeControllerAware JAVADOC.MVJDT-3
24:  This '@param' tag does not contain a meaningful description of the parameter JAVADOC.MDJT-3
26:  "public" method without a '@post' contract: setAccessModeController () DBC.PUBMPOST-3
26:  "public" method without a '@pre' contract: setAccessModeController DBC.PUBMPRE-3

Findings by File
Expand All   Collapse All   Back to Top    

  •  + 7275 (0)  Total (Suppressed)
    •  + 7275 (0)  com.parasoft:parabank
      •  + 7275 (0)  src

Flow Analysis Legend:

     Message - violation cause      Message - violation point      Message - path element annotation
Active Rules
Back to Top    

 [426/426]  DISA ASD STIG (APSC_DV) 
     [3/3]  APSC_DV.001300 The application must protect audit information from unauthorized deletion. (APSC_DV.001300) 
        Avoid untrusted input when logging messages with Seam Logging API (APSC_DV.001300.DCEMSL-2) 
        Avoid passing unvalidated binary data to log methods (APSC_DV.001300.LOG-2) 
        Protect against log forging (APSC_DV.001300.TDLOG-2) 
     [5/5]  APSC_DV.001740 The application must only store cryptographic representations of passwords. (APSC_DV.001740) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.001740.PCCF-1) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.001740.PTPT-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001740.PWDPROP-1) 
        Avoid using plain text passwords in Axis2 configuration files (APSC_DV.001740.UTAX-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001740.WCPWD-1) 
     [1/1]  APSC_DV.002510 The application must protect from command injection. (APSC_DV.002510) 
        Protect against Command injection (APSC_DV.002510.TDCMD-1) 
     [9/9]  APSC_DV.000510 The application must execute without excessive account permissions. (APSC_DV.000510) 
        Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()" (APSC_DV.000510.ACDP-1) 
        Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final" (APSC_DV.000510.PAF-1) 
        Wrap "privileged" method invocations in "final" methods (APSC_DV.000510.PCFM-1) 
        Limit the number of lines in "privileged" code blocks (APSC_DV.000510.PCL-1) 
        Wrap "privileged" method invocations in "private" methods (APSC_DV.000510.PCPM-1) 
        Avoid using dynamically loaded classes in "privileged" code blocks (APSC_DV.000510.PDLC-1) 
        Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package (APSC_DV.000510.PPKG-1) 
        Avoid operating on tainted data in privileged blocks (APSC_DV.000510.PRIVIL-1) 
        Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final" (APSC_DV.000510.PRMF-1) 
     [3/3]  APSC_DV.001660 Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. (APSC_DV.001660) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001660.WCMC-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001660.WMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001660.WMI-2) 
     [13/13]  APSC_DV.002530 The application must validate all input. (APSC_DV.002530) 
        Protect against Command injection (APSC_DV.002530.TDCMD-2) 
        Protect against Jakarta Digester injection (APSC_DV.002530.TDDIG-2) 
        Protect against Environment injection (APSC_DV.002530.TDENV-2) 
        Protect against File contents injection (APSC_DV.002530.TDFILES-2) 
        Protect against File names injection (APSC_DV.002530.TDFNAMES-2) 
        Protect against JXPath injection (APSC_DV.002530.TDJXPATH-2) 
        Protect against LDAP injection (APSC_DV.002530.TDLDAP-2) 
        Protect against Library injection (APSC_DV.002530.TDLIB-2) 
        Protect against network resource injection (APSC_DV.002530.TDNET-2) 
        Protect against Reflection injection (APSC_DV.002530.TDRFL-2) 
        Protect against SQL injection (APSC_DV.002530.TDSQL-2) 
        Protect against XML data injection (APSC_DV.002530.TDXML-2) 
        Protect against XPath injection (APSC_DV.002530.TDXPATH-2) 
     [7/7]  APSC_DV.001860 The application must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. (APSC_DV.001860) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.001860.AISSAJAVA-2) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (APSC_DV.001860.AISSAXML-2) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (APSC_DV.001860.AUNC-2) 
        Avoid using cryptographic keys which are too short (APSC_DV.001860.CKTS-2) 
        Avoid using insecure algorithms for cryptography (APSC_DV.001860.ICA-2) 
        Use hash functions with a salt (APSC_DV.001860.MDSALT-2) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (APSC_DV.001860.SRD-2) 
     [5/5]  APSC_DV.000650 The application must not write sensitive data into the application logs. (APSC_DV.000650) 
        Do not log confidential or sensitive information (APSC_DV.000650.CONSEN-2) 
        Ensure all sensitive method invocations are logged (APSC_DV.000650.ENFL-2) 
        Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files (APSC_DV.000650.LHII-2) 
        Prevent exposure of sensitive data (APSC_DV.000650.SENS-2) 
        Avoid passing sensitive data to functions that write to log files (APSC_DV.000650.SENSLOG-2) 
     [1/1]  APSC_DV.002550 The application must not be vulnerable to XML-oriented attacks. (APSC_DV.002550) 
        Protect against XML data injection (APSC_DV.002550.TDXML-1) 
     [1/1]  APSC_DV.002210 The application must set the HTTPOnly flag on session cookies. (APSC_DV.002210) 
        Mark cookies as HttpOnly (APSC_DV.002210.SCHTTP-2) 
     [2/2]  APSC_DV.002350 The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. (APSC_DV.002350) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.002350.AISSAJAVA-2) 
        Do not use initialization circularities for fields (APSC_DV.002350.IC-2) 
     [1/1]  APSC_DV.002570 The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. (APSC_DV.002570) 
        Do not log confidential or sensitive information (APSC_DV.002570.CONSEN-2) 
     [47/47]  APSC_DV.000170 The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. (APSC_DV.000170) 
        Avoid using custom MessageDigest implementations (APSC_DV.000170.ACMD-2) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.000170.ADS-2) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.000170.AELQ-2) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.000170.AISSAJAVA-2) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (APSC_DV.000170.AISSAXML-2) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (APSC_DV.000170.AUNC-2) 
        Avoid using cryptographic keys which are too short (APSC_DV.000170.CKTS-2) 
        Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files (APSC_DV.000170.DSL-2) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (APSC_DV.000170.DSR-2) 
        Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000170.EDAR-2) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (APSC_DV.000170.FMCD-2) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (APSC_DV.000170.HTTPS-2) 
        Avoid using insecure algorithms for cryptography (APSC_DV.000170.ICA-2) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (APSC_DV.000170.ISOS-2) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (APSC_DV.000170.LCA-2) 
        Use hash functions with a salt (APSC_DV.000170.MDSALT-2) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.000170.PCCF-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.000170.PTPT-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.000170.PWDPROP-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.000170.PWDXML-2) 
        Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files (APSC_DV.000170.RAJ-2) 
        Ensure that "REST" is disabled in 'axis2.xml' configuration files (APSC_DV.000170.REST-2) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000170.SDAR-2) 
        Always specify error pages in web.xml (APSC_DV.000170.SEP-2) 
        Ensure Session-ID Length is sufficient (APSC_DV.000170.SLID-2) 
        Avoid using the SOAP Monitor module (APSC_DV.000170.SMM-2) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (APSC_DV.000170.SRCD-2) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (APSC_DV.000170.SRD-2) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.000170.STTL-2) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000170.TDAR-2) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (APSC_DV.000170.UDC-2) 
        Use the SSL-enabled version of classes when possible (APSC_DV.000170.USC-2) 
        Avoid using plain text passwords in Axis2 configuration files (APSC_DV.000170.UTAX-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCMI-2) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCMT-2) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCMWS-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCPWD-2) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000170.WCUTS-2) 
        Ensure all web content directories have a "welcome file" (APSC_DV.000170.WELC-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WMI-2) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WMT-2) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WMWS-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WPWD-2) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (APSC_DV.000170.WSS-2) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000170.WUTS-2) 
     [5/5]  APSC_DV.002010 The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. (APSC_DV.002010) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.002010.AISSAJAVA-2) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (APSC_DV.002010.AISSAXML-2) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (APSC_DV.002010.AUNC-2) 
        Avoid using cryptographic keys which are too short (APSC_DV.002010.CKTS-2) 
        Avoid using insecure algorithms for cryptography (APSC_DV.002010.ICA-2) 
     [93/93]  APSC_DV.001460 An application vulnerability assessment must be conducted. (APSC_DV.001460) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (APSC_DV.001460.ACPST-2) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (APSC_DV.001460.AECB-2) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.001460.AISSAJAVA-2) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (APSC_DV.001460.AISSAXML-2) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (APSC_DV.001460.AUNC-2) 
        Avoid parsing untrusted data with XMLDecoder (APSC_DV.001460.AUXD-2) 
        Canonicalize all data before validation (APSC_DV.001460.CDBV-2) 
        Do not log confidential or sensitive information (APSC_DV.001460.CONSEN-2) 
        Do not disable CSRF protection (APSC_DV.001460.DCSRFJAVA-2) 
        Do not disable CSRF protection (APSC_DV.001460.DCSRFXML-2) 
        Avoid duplicated forms in the 'validation.xml' (APSC_DV.001460.DFV-2) 
        Avoid using the DriverManagerDataSource class in production code (APSC_DV.001460.DMDS-2) 
        Avoid DNS lookups for decision making (APSC_DV.001460.DNSL-2) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (APSC_DV.001460.DPANY-2) 
        Create a 'serialVersionUID' for all 'Serializable' classes (APSC_DV.001460.DUID-2) 
        Disable XML external entity injection (APSC_DV.001460.DXXE-2) 
        Ensure all sensitive method invocations are logged (APSC_DV.001460.ENFL-2) 
        Ensure arguments passed to certain methods come from predefined methods list (APSC_DV.001460.ENPP-2) 
        Ensure validators are enabled in the 'struts-config.xml' (APSC_DV.001460.EV-2) 
        Avoid debug information from Spring Security framework to logs (APSC_DV.001460.EWSSEC-2) 
        Avoid using hard-coded cryptographic keys (APSC_DV.001460.HCCK-2) 
        Do not hard-code IP addresses and port numbers (APSC_DV.001460.HCNA-2) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (APSC_DV.001460.HGRSI-2) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (APSC_DV.001460.HTTPRHA-2) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (APSC_DV.001460.HTTPS-2) 
        Ensure the HostnameVerifier.verify() method validates the certificate (APSC_DV.001460.HV-2) 
        Avoid using insecure algorithms for cryptography (APSC_DV.001460.ICA-2) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (APSC_DV.001460.ISL-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (APSC_DV.001460.IVR-2) 
        Restrict cross-origin resource sharing to secure origins (APSC_DV.001460.JXCORS-2) 
        Ensure all exceptions are either logged with a standard logger or rethrown (APSC_DV.001460.LGE-2) 
        Assign 'protected' accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes (APSC_DV.001460.MASP-2) 
        MessageDigest objects must process the data with the 'update' method (APSC_DV.001460.MCMDU-2) 
        Use hash functions with a salt (APSC_DV.001460.MDSALT-2) 
        Do not catch exception types which are too general or are unchecked exceptions (APSC_DV.001460.NCE-2) 
        Do not catch 'NullPointerException' (APSC_DV.001460.NCNPE-2) 
        Do not throw exception types which are too general or are unchecked exceptions (APSC_DV.001460.NTERR-2) 
        Avoid declaring methods to throw general or unchecked Exception types (APSC_DV.001460.NTX-2) 
        Ensure method arguments are serializable (APSC_DV.001460.ONS-2) 
        Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (APSC_DV.001460.OROM-2) 
        Ensure sufficient protection against multiple failed authentication attempts (APSC_DV.001460.PBFA-2) 
        Always specify absolute paths to execute commands (APSC_DV.001460.PBRTE-2) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.001460.PCCF-2) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (APSC_DV.001460.PEO-2) 
        Password information should not be included in properties file in plaintext (APSC_DV.001460.PLAIN-2) 
        Avoid storing sensitive data in plaintext in a cookie (APSC_DV.001460.PLC-2) 
        Ensure Plugins are added in the 'struts-config.xml' (APSC_DV.001460.PLUGIN-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.001460.PTPT-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001460.PWDPROP-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001460.PWDXML-2) 
        Do not declare entity beans as remote (APSC_DV.001460.RR-2) 
        Define a "readResolve" method for all instances of Serializable types (APSC_DV.001460.RRSC-2) 
        Ensure proper session expiration (APSC_DV.001460.RUIM-2) 
        Ensure that all fields are assigned by the 'readObject()' method and written out by the 'writeObject()' method (APSC_DV.001460.RWAF-2) 
        Disable LDAP deserialization (APSC_DV.001460.SC-2) 
        Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents (APSC_DV.001460.SCBNP-2) 
        Prevent exposure of sensitive data (APSC_DV.001460.SENS-2) 
        Always specify error pages in web.xml (APSC_DV.001460.SEP-2) 
        Initialize KeyGenerator instances (APSC_DV.001460.SIKG-2) 
        Avoid calling print methods of 'System.err' or 'System.out' (APSC_DV.001460.SIO-2) 
        Ensure Session-ID Length is sufficient (APSC_DV.001460.SLID-2) 
        Do not store non-serializable objects as HttpSession attributes (APSC_DV.001460.SNSO-2) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (APSC_DV.001460.SRD-2) 
        Do not declare the 'readObject()' method as "synchronized" (APSC_DV.001460.SROS-2) 
        Safely serialize sensitive data (APSC_DV.001460.SSSD-2) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.001460.STTL-2) 
        Protect against Command injection (APSC_DV.001460.TDCMD-2) 
        Protect against Jakarta Digester injection (APSC_DV.001460.TDDIG-2) 
        Protect against Environment injection (APSC_DV.001460.TDENV-2) 
        Protect against File contents injection (APSC_DV.001460.TDFILES-2) 
        Protect against File names injection (APSC_DV.001460.TDFNAMES-2) 
        Exclude unsanitized user input from format strings (APSC_DV.001460.TDINPUT-2) 
        Protect against JXPath injection (APSC_DV.001460.TDJXPATH-2) 
        Protect against LDAP injection (APSC_DV.001460.TDLDAP-2) 
        Protect against Library injection (APSC_DV.001460.TDLIB-2) 
        Protect against log forging (APSC_DV.001460.TDLOG-2) 
        Protect against network resource injection (APSC_DV.001460.TDNET-2) 
        Protect against using unprotected credentials (APSC_DV.001460.TDPASSWD-2) 
        Protect against HTTP response splitting (APSC_DV.001460.TDRESP-2) 
        Protect against Reflection injection (APSC_DV.001460.TDRFL-2) 
        Do not store untrusted data in HTTP session (APSC_DV.001460.TDSESSION-2) 
        Protect against SQL injection (APSC_DV.001460.TDSQL-2) 
        Protect against XPath injection (APSC_DV.001460.TDXPATH-2) 
        Protect against XSS vulnerabilities (APSC_DV.001460.TDXSS-2) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (APSC_DV.001460.UOSC-2) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (APSC_DV.001460.UPS-2) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (APSC_DV.001460.UPWD-2) 
        Use the SSL-enabled version of classes when possible (APSC_DV.001460.USC-2) 
        Always verify JarFile signatures (APSC_DV.001460.VJFS-2) 
        Validate objects before deserialization (APSC_DV.001460.VOBD-2) 
        Properly validate server identity (APSC_DV.001460.VSI-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001460.WCPWD-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001460.WPWD-2) 
     [1/1]  APSC_DV.001680 The application must enforce a minimum 15-character password length. (APSC_DV.001680) 
        Use the 'minlength' validator for password fields in 'validation.xml' (APSC_DV.001680.MLVP-1) 
     [4/4]  APSC_DV.002590 The application must not be vulnerable to overflow attacks. (APSC_DV.002590) 
        Do not cast primitive data types to lower precision (APSC_DV.002590.CLP-1) 
        Avoid calculations which result in overflow or NaN (APSC_DV.002590.ICO-1) 
        Avoid integer overflows (APSC_DV.002590.INTOVERF-1) 
        Use unsigned right shift instead of division when overflow is possible (APSC_DV.002590.IOF-1) 
     [1/1]  APSC_DV.002470 The application must maintain the confidentiality and integrity of information during reception. (APSC_DV.002470) 
        Prevent exposure of sensitive data (APSC_DV.002470.SENS-2) 
     [1/1]  APSC_DV.000080 The application must automatically terminate the admin user session and log off admin users after a 10 minute idle time period is exceeded. (APSC_DV.000080) 
        Ensure proper session expiration (APSC_DV.000080.RUIM-2) 
     [4/4]  APSC_DV.001290 The application must protect audit information from unauthorized modification. (APSC_DV.001290) 
        Avoid untrusted input when logging messages with Seam Logging API (APSC_DV.001290.DCEMSL-2) 
        Avoid passing unvalidated binary data to log methods (APSC_DV.001290.LOG-2) 
        Protect against log forging (APSC_DV.001290.TDLOG-2) 
        Protect against SQL injection (APSC_DV.001290.TDSQL-2) 
     [2/2]  APSC_DV.001995 The application must not be vulnerable to race conditions. (APSC_DV.001995) 
        Avoid unsafe implementations of the "double-checked locking" pattern (APSC_DV.001995.DCL-2) 
        Avoid Time-of-check Time-of-use (TOCTOU) Race Condition (APSC_DV.001995.TOCTOU-2) 
     [9/9]  APSC_DV.000500 The application must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. (APSC_DV.000500) 
        Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()" (APSC_DV.000500.ACDP-2) 
        Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final" (APSC_DV.000500.PAF-2) 
        Wrap "privileged" method invocations in "final" methods (APSC_DV.000500.PCFM-2) 
        Limit the number of lines in "privileged" code blocks (APSC_DV.000500.PCL-2) 
        Wrap "privileged" method invocations in "private" methods (APSC_DV.000500.PCPM-2) 
        Avoid using dynamically loaded classes in "privileged" code blocks (APSC_DV.000500.PDLC-2) 
        Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package (APSC_DV.000500.PPKG-2) 
        Avoid operating on tainted data in privileged blocks (APSC_DV.000500.PRIVIL-2) 
        Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final" (APSC_DV.000500.PRMF-2) 
     [38/38]  APSC_DV.001850 The application must not display passwords/PINs as clear text. (APSC_DV.001850) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.001850.ADS-1) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.001850.AELQ-1) 
        Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files (APSC_DV.001850.DSL-1) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (APSC_DV.001850.DSR-1) 
        Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001850.EDAR-1) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (APSC_DV.001850.FMCD-1) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (APSC_DV.001850.HTTPS-1) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (APSC_DV.001850.ISOS-1) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (APSC_DV.001850.LCA-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.001850.PCCF-1) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.001850.PTPT-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001850.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001850.PWDXML-1) 
        Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files (APSC_DV.001850.RAJ-1) 
        Ensure that "REST" is disabled in 'axis2.xml' configuration files (APSC_DV.001850.REST-1) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001850.SDAR-1) 
        Always specify error pages in web.xml (APSC_DV.001850.SEP-1) 
        Ensure Session-ID Length is sufficient (APSC_DV.001850.SLID-1) 
        Avoid using the SOAP Monitor module (APSC_DV.001850.SMM-1) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (APSC_DV.001850.SRCD-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.001850.STTL-1) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001850.TDAR-1) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (APSC_DV.001850.UDC-1) 
        Avoid using plain text passwords in Axis2 configuration files (APSC_DV.001850.UTAX-1) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCMC-1) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCMI-1) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCMT-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCPWD-1) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001850.WCUTS-1) 
        Ensure all web content directories have a "welcome file" (APSC_DV.001850.WELC-1) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WMC-1) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WMI-1) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WMT-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WPWD-1) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (APSC_DV.001850.WSS-1) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001850.WUTS-1) 
     [1/1]  APSC_DV.002400 The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. (APSC_DV.002400) 
        Protect against network resource injection (APSC_DV.002400.TDNET-2) 
     [3/3]  APSC_DV.002500 The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities. (APSC_DV.002500) 
        Do not disable CSRF protection (APSC_DV.002500.DCSRFJAVA-2) 
        Do not disable CSRF protection (APSC_DV.002500.DCSRFXML-2) 
        Validate all dangerous data (APSC_DV.002500.VPPD-2) 
     [37/37]  APSC_DV.003215 The application development team must follow a set of coding standards. (APSC_DV.003215) 
        Use '()' to separate complex expressions (APSC_DV.003215.APAREN-3) 
        Ensure proper spacing in array references (APSC_DV.003215.ASPACE-3) 
        Do not place empty whitespace at the end of a line (APSC_DV.003215.ATS-3) 
        Put a blank line before each C-style comment (APSC_DV.003215.BLBC-3) 
        Enforce number of blank line(s) before type declarations (APSC_DV.003215.BLCD-3) 
        Enforce number of blank line(s) to separate "imports" from different packages (APSC_DV.003215.BLSIM-3) 
        Place a closing brace on its own line (APSC_DV.003215.CBRACE-3) 
        Place a single space character or no space character after type casting (APSC_DV.003215.CMS-3) 
        Do not leave spaces between qualified names and method invocations (APSC_DV.003215.DOT-3) 
        Use spaces instead of tabs (or tabs instead of spaces) (APSC_DV.003215.DUT-3) 
        Enforce the position of '{' brace (APSC_DV.003215.FCB-3) 
        Place the type that has the same name as the file as the first type (APSC_DV.003215.FCN-3) 
        Declare arrays with '[]' brackets after the array type and before the variable name(s) (APSC_DV.003215.IAD-3) 
        Enforce number of space(s) for indentation (APSC_DV.003215.IND-3) 
        Limit the maximum length of a line (APSC_DV.003215.LL-3) 
        Include a meaningful file header comment in every source file (APSC_DV.003215.MCH-3) 
        Enforce the order of annotations and modifiers (APSC_DV.003215.MO-3) 
        Place a single space character or no space character between a method name and the opening "(" parenthesis (APSC_DV.003215.MSP-3) 
        Do not place statements on the same line as the '{' opening brace (APSC_DV.003215.NSAB-3) 
        Write one statement per line (APSC_DV.003215.OSPL-3) 
        Enforce number of space character(s) after every comma (APSC_DV.003215.SAC-3) 
        Enforce number of space character(s) on each side of an assignment operator (APSC_DV.003215.SAOP-3) 
        Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement (APSC_DV.003215.SAP-3) 
        Enforce number of space character(s) after every semicolon (APSC_DV.003215.SAS-3) 
        Enforce number of space character(s) between a prefixed unary operator and its operand (APSC_DV.003215.SAUOP-3) 
        Enforce number of space character(s) on each side of a bitwise operator (APSC_DV.003215.SBOP-3) 
        Enforce number of space character(s) between a postfixed unary operator and its operand (APSC_DV.003215.SBUOP-3) 
        Enforce number of space character(s) between a conditional statement and the opening "(" parenthesis (APSC_DV.003215.SC-3) 
        Enforce number of space character(s) before and after the "?" conditional operator (APSC_DV.003215.SCOP-3) 
        Enforce number of space character(s) on each side of a logical operator (APSC_DV.003215.SLOP-3) 
        Enforce number of space character(s) on each side of a relational operator (APSC_DV.003215.SROP-3) 
        Avoid using trailing comments (APSC_DV.003215.TC-3) 
        Avoid or enforce the use of trailing commas in array initializers (APSC_DV.003215.TCOMMA-3) 
        Use the preferred formatting for conditional expressions (APSC_DV.003215.TE-3) 
        Make sure all files are terminated with a newline character (APSC_DV.003215.TNL-3) 
        Enforce number of blank line(s) between major sections (APSC_DV.003215.U2BL-3) 
        Avoid unnecessary parentheses (APSC_DV.003215.UP-3) 
     [4/4]  APSC_DV.000460 The application must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. (APSC_DV.000460) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (APSC_DV.000460.DSR-1) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (APSC_DV.000460.LCA-1) 
        Avoid EJB 3 methods without security annotations (APSC_DV.000460.PERMIT-1) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (APSC_DV.000460.SRCD-1) 
     [5/5]  APSC_DV.002520 The application must protect from canonical representation vulnerabilities. (APSC_DV.002520) 
        Protect against Environment injection (APSC_DV.002520.TDENV-2) 
        Protect against File names injection (APSC_DV.002520.TDFNAMES-2) 
        Protect against LDAP injection (APSC_DV.002520.TDLDAP-2) 
        Protect against network resource injection (APSC_DV.002520.TDNET-2) 
        Protect against SQL injection (APSC_DV.002520.TDSQL-2) 
     [1/1]  APSC_DV.003235 The application must not be subject to error handling vulnerabilities. (APSC_DV.003235) 
        Check the return value of methods which read or skip input (APSC_DV.003235.CRRV-2) 
     [38/38]  APSC_DV.001750 The application must transmit only cryptographically-protected passwords. (APSC_DV.001750) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.001750.ADS-1) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.001750.AELQ-1) 
        Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files (APSC_DV.001750.DSL-1) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (APSC_DV.001750.DSR-1) 
        Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001750.EDAR-1) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (APSC_DV.001750.FMCD-1) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (APSC_DV.001750.HTTPS-1) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (APSC_DV.001750.ISOS-1) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (APSC_DV.001750.LCA-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.001750.PCCF-1) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.001750.PTPT-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001750.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.001750.PWDXML-1) 
        Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files (APSC_DV.001750.RAJ-1) 
        Ensure that "REST" is disabled in 'axis2.xml' configuration files (APSC_DV.001750.REST-1) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001750.SDAR-1) 
        Always specify error pages in web.xml (APSC_DV.001750.SEP-1) 
        Ensure Session-ID Length is sufficient (APSC_DV.001750.SLID-1) 
        Avoid using the SOAP Monitor module (APSC_DV.001750.SMM-1) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (APSC_DV.001750.SRCD-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.001750.STTL-1) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.001750.TDAR-1) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (APSC_DV.001750.UDC-1) 
        Avoid using plain text passwords in Axis2 configuration files (APSC_DV.001750.UTAX-1) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCMC-1) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCMI-1) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCMT-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCPWD-1) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.001750.WCUTS-1) 
        Ensure all web content directories have a "welcome file" (APSC_DV.001750.WELC-1) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WMC-1) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WMI-1) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WMT-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WPWD-1) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (APSC_DV.001750.WSS-1) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.001750.WUTS-1) 
     [1/1]  APSC_DV.002000 The application must terminate all network connections associated with a communications session at the end of the session. (APSC_DV.002000) 
        Ensure resources are deallocated (APSC_DV.002000.LEAKS-2) 
     [1/1]  APSC_DV.002220 The application must set the secure flag on session cookies. (APSC_DV.002220) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (APSC_DV.002220.UOSC-2) 
     [5/5]  APSC_DV.002440 The application must protect the confidentiality and integrity of transmitted information. (APSC_DV.002440) 
        Do not log confidential or sensitive information (APSC_DV.002440.CONSEN-1) 
        Do not hard-code IP addresses and port numbers (APSC_DV.002440.HCNA-1) 
        Password information should not be included in properties file in plaintext (APSC_DV.002440.PLAIN-1) 
        Avoid storing sensitive data in plaintext in a cookie (APSC_DV.002440.PLC-1) 
        Prevent exposure of sensitive data (APSC_DV.002440.SENS-1) 
     [1/1]  APSC_DV.002540 The application must not be vulnerable to SQL Injection. (APSC_DV.002540) 
        Protect against SQL injection (APSC_DV.002540.TDSQL-1) 
     [47/47]  APSC_DV.000160 The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. (APSC_DV.000160) 
        Avoid using custom MessageDigest implementations (APSC_DV.000160.ACMD-2) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.000160.ADS-2) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (APSC_DV.000160.AELQ-2) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.000160.AISSAJAVA-2) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (APSC_DV.000160.AISSAXML-2) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (APSC_DV.000160.AUNC-2) 
        Avoid using cryptographic keys which are too short (APSC_DV.000160.CKTS-2) 
        Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files (APSC_DV.000160.DSL-2) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (APSC_DV.000160.DSR-2) 
        Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000160.EDAR-2) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (APSC_DV.000160.FMCD-2) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (APSC_DV.000160.HTTPS-2) 
        Avoid using insecure algorithms for cryptography (APSC_DV.000160.ICA-2) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (APSC_DV.000160.ISOS-2) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (APSC_DV.000160.LCA-2) 
        Use hash functions with a salt (APSC_DV.000160.MDSALT-2) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (APSC_DV.000160.PCCF-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (APSC_DV.000160.PTPT-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.000160.PWDPROP-2) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (APSC_DV.000160.PWDXML-2) 
        Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files (APSC_DV.000160.RAJ-2) 
        Ensure that "REST" is disabled in 'axis2.xml' configuration files (APSC_DV.000160.REST-2) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000160.SDAR-2) 
        Always specify error pages in web.xml (APSC_DV.000160.SEP-2) 
        Ensure Session-ID Length is sufficient (APSC_DV.000160.SLID-2) 
        Avoid using the SOAP Monitor module (APSC_DV.000160.SMM-2) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (APSC_DV.000160.SRCD-2) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (APSC_DV.000160.SRD-2) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.000160.STTL-2) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (APSC_DV.000160.TDAR-2) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (APSC_DV.000160.UDC-2) 
        Use the SSL-enabled version of classes when possible (APSC_DV.000160.USC-2) 
        Avoid using plain text passwords in Axis2 configuration files (APSC_DV.000160.UTAX-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCMI-2) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCMT-2) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCMWS-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCPWD-2) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (APSC_DV.000160.WCUTS-2) 
        Ensure all web content directories have a "welcome file" (APSC_DV.000160.WELC-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WMI-2) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WMT-2) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WMWS-2) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WPWD-2) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (APSC_DV.000160.WSS-2) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (APSC_DV.000160.WUTS-2) 
     [1/1]  APSC_DV.002460 The application must maintain the confidentiality and integrity of information during preparation for transmission. (APSC_DV.002460) 
        Prevent exposure of sensitive data (APSC_DV.002460.SENS-2) 
     [13/13]  APSC_DV.002560 The application must not be subject to input handling vulnerabilities. (APSC_DV.002560) 
        Protect against Command injection (APSC_DV.002560.TDCMD-1) 
        Protect against Jakarta Digester injection (APSC_DV.002560.TDDIG-1) 
        Protect against Environment injection (APSC_DV.002560.TDENV-1) 
        Protect against File contents injection (APSC_DV.002560.TDFILES-1) 
        Protect against File names injection (APSC_DV.002560.TDFNAMES-1) 
        Protect against JXPath injection (APSC_DV.002560.TDJXPATH-1) 
        Protect against LDAP injection (APSC_DV.002560.TDLDAP-1) 
        Protect against Library injection (APSC_DV.002560.TDLIB-1) 
        Protect against network resource injection (APSC_DV.002560.TDNET-1) 
        Protect against Reflection injection (APSC_DV.002560.TDRFL-1) 
        Protect against SQL injection (APSC_DV.002560.TDSQL-1) 
        Protect against XML data injection (APSC_DV.002560.TDXML-1) 
        Protect against XPath injection (APSC_DV.002560.TDXPATH-1) 
     [1/1]  APSC_DV.003110 The application must not contain embedded authentication data. (APSC_DV.003110) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (APSC_DV.003110.HCCS-1) 
     [1/1]  APSC_DV.002480 The application must not disclose unnecessary information to users. (APSC_DV.002480) 
        Prevent exposure of sensitive data (APSC_DV.002480.SENS-2) 
     [4/4]  APSC_DV.000480 The application must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. (APSC_DV.000480) 
        Keep all authentication methods centralized to enforce consistency (APSC_DV.000480.CAM-2) 
        Ensure the HostnameVerifier.verify() method validates the certificate (APSC_DV.000480.HV-2) 
        Ensure that an appropriate security manager is set (APSC_DV.000480.SSM-2) 
        Protect against SQL injection (APSC_DV.000480.TDSQL-2) 
     [1/1]  APSC_DV.002390 XML-based applications must mitigate DoS attacks by using XML filters, parser options, or gateways. (APSC_DV.002390) 
        Ensure that sessions are configured to time out in 'web.xml' files (APSC_DV.002390.STTL-2) 
     [1/1]  APSC_DV.002490 The application must protect from Cross-Site Scripting (XSS) vulnerabilities. (APSC_DV.002490) 
        Protect against XSS vulnerabilities (APSC_DV.002490.TDXSS-1) 
     [1/1]  APSC_DV.000070 The application must automatically terminate the non-privileged user session and log off non-privileged users after a 15 minute idle time period has elapsed. (APSC_DV.000070) 
        Ensure proper session expiration (APSC_DV.000070.RUIM-2) 
     [3/3]  APSC_DV.002290 The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality. (APSC_DV.002290) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (APSC_DV.002290.AISSAJAVA-2) 
        Use hash functions with a salt (APSC_DV.002290.MDSALT-2) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (APSC_DV.002290.SRD-2) 
 [74/74]  Flow Analysis (BD) 
     [3/3]  API (BD.API) 
        Make sure implementation of Object.equals(Object) properly handles null values (BD.API.EQNULL-1) 
        Make sure implementation of Object.equals(Object) is reflexive (BD.API.EQREFL-1) 
        Do not rely on the write() method to output integers outside the range 0 to 255 (BD.API.ARGWRITE-2) 
     [22/22]  Possible Bugs (BD.PB) 
        Avoid use before explicit initialization (BD.PB.NOTEXPLINIT-1) 
        Avoid use of fields before initialization in constructors and static initializers (BD.PB.NOTINITCTOR-1) 
        Avoid overwriting method parameters before each use (BD.PB.POVR-1) 
        Do not append null value to strings (BD.PB.STRNULL-1) 
        Avoid division by zero (BD.PB.ZERO-1) 
        Avoid accessing arrays out of bounds (BD.PB.ARRAY-2) 
        Avoid incorrect shift operations (BD.PB.BADSHIFT-2) 
        Avoid conditions that always evaluate to the same value (BD.PB.CC-2) 
        Consistently check the returned value of non-void methods (BD.PB.CHECKRET-2) 
        Always catch exceptions (BD.PB.EXCEPT-2) 
        Method getPermission() is supposed to be invoked when user-defined class loaders are applied (BD.PB.GETPERM-2) 
        Avoid infinite recursion (BD.PB.INFREC-2) 
        Do not create multiple buffered wrappers on a single byte or character stream (BD.PB.MULBUF-2) 
        Do not invoke overridable methods from the readObject() method (BD.PB.VREADOBJ-2) 
        Do not check for null after dereferencing (BD.PB.DEREF-3) 
        Avoid integer overflows (BD.PB.INTOVERF-3) 
        Prevent external processes from blocking on input and output streams (BD.PB.PBIOS-3) 
        Ensure proper usage of StringBuilder/StringBuffer objects (BD.PB.SBONE-3) 
        Avoid switch with unreachable branches (BD.PB.SWITCH-3) 
        Avoid unused values (BD.PB.VOVR-3) 
        Methods shall not call themselves, either directly or indirectly (BD.PB.RECFUN-5) 
        Restore prior object state on method failure (BD.PB.REVOBJ-5) 
     [2/2]  Resources (BD.RES) 
        Do not use resources that have been freed (BD.RES.FREE-1) 
        Ensure resources are deallocated (BD.RES.LEAKS-1) 
     [3/3]  Optimization (BD.OPT) 
        Avoid inefficient removal of Collection elements (BD.OPT.INEFCOL-3) 
        Avoid inefficient iteration over Map entries (BD.OPT.INEFMAP-3) 
        Avoid inefficient removal of Map entries (BD.OPT.INEFMAPRM-3) 
     [6/6]  Threads & Synchronization (BD.TRS) 
        Avoid double locking (BD.TRS.DLOCK-1) 
        Do not abandon unreleased locks (BD.TRS.LOCK-1) 
        Do not acquire locks in different order (BD.TRS.ORDER-1) 
        Do not use blocking methods while holding a lock (BD.TRS.TSHL-1) 
        Variable should be used in context of single critical section (BD.TRS.DIFCS-2) 
        Do not use an instance lock to protect shared static data (BD.TRS.INSTLOCK-2) 
     [1/1]  Collections (BD.CO) 
        Do not modify collection while iterating over it (BD.CO.ITMOD-1) 
     [36/36]  Security (BD.SECURITY) 
        Avoid unvalidated input in array indexes (BD.SECURITY.ARRAY-1) 
        Prevent exposure of sensitive data (BD.SECURITY.SENS-1) 
        Protect against Command injection (BD.SECURITY.TDCMD-1) 
        Validate potentially tainted data before it is used in methods that generate code (BD.SECURITY.TDCODE-1) 
        Protect against Jakarta Digester injection (BD.SECURITY.TDDIG-1) 
        Protect against Environment injection (BD.SECURITY.TDENV-1) 
        Protect against File contents injection (BD.SECURITY.TDFILES-1) 
        Protect against File names injection (BD.SECURITY.TDFNAMES-1) 
        Exclude unsanitized user input from format strings (BD.SECURITY.TDINPUT-1) 
        Protect against JXPath injection (BD.SECURITY.TDJXPATH-1) 
        Protect against LDAP injection (BD.SECURITY.TDLDAP-1) 
        Protect against Library injection (BD.SECURITY.TDLIB-1) 
        Protect against HTTP response splitting (BD.SECURITY.TDRESP-1) 
        Protect against Reflection injection (BD.SECURITY.TDRFL-1) 
        Do not store untrusted data in HTTP session (BD.SECURITY.TDSESSION-1) 
        Protect against SQL injection (BD.SECURITY.TDSQL-1) 
        Protect against XML data injection (BD.SECURITY.TDXML-1) 
        Protect against XPath injection (BD.SECURITY.TDXPATH-1) 
        Protect against XSS vulnerabilities (BD.SECURITY.TDXSS-1) 
        Path should be standardized before validation (BD.SECURITY.CANPATH-2) 
        Encapsulate arguments of dangerous methods with a validation method (BD.SECURITY.EACM-2) 
        Check floating-point inputs for exceptional values (BD.SECURITY.FPEXC-2) 
        Avoid passing unvalidated binary data to log methods (BD.SECURITY.LOG-2) 
        Avoid operating on tainted data in privileged blocks (BD.SECURITY.PRIVIL-2) 
        Remove temporary files before termination (BD.SECURITY.REMTMP-2) 
        Avoid passing sensitive data to functions that write to log files (BD.SECURITY.SENSLOG-2) 
        Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar (BD.SECURITY.SIGCLASS-2) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (BD.SECURITY.TDALLOC-2) 
        Protect against log forging (BD.SECURITY.TDLOG-2) 
        Protect against network resource injection (BD.SECURITY.TDNET-2) 
        Protect against using unprotected credentials (BD.SECURITY.TDPASSWD-2) 
        Validate all dangerous data (BD.SECURITY.VPPD-2) 
        Validate untrusted XML using schema or DTD before reading (BD.SECURITY.XMLVAL-2) 
        Do not expose data wrapped by a buffer to untrusted code (BD.SECURITY.BUFEXP-3) 
        Prevent security vulnerability (custom rule) (BD.SECURITY.CUSTOM-3) 
        Safely serialize sensitive data (BD.SECURITY.SSSD-3) 
     [1/1]  Exceptions (BD.EXCEPT) 
        Avoid NullPointerException (BD.EXCEPT.NP-1) 
 [5/5]  JavaBeans (BEAN) 
    Use appropriate signatures for listener method names in JavaBean classes (BEAN.BLNC-3) 
    Override 'Object.equals()' in JavaBean classes (BEAN.EQUALS-3) 
    Do not use JDBC code in JavaBean classes (BEAN.JDBC-3) 
    Ensure that JavaBean classes implement 'java.io.Serializable' (BEAN.SERIALIZABLE-3) 
    Define get and set methods for each instance field (BEAN.NFM-4) 
 [6/6]  Code Duplication Detection (CDD) 
    Avoid method duplication (CDD.DUPM-2) 
    Avoid class duplication (CDD.DUPT-2) 
    Avoid code duplication (CDD.DUPC-3) 
    Avoid duplicate import statements (CDD.DUPI-3) 
    Avoid string literal duplication (CDD.DUPS-3) 
    Avoid duplicated field initialization in constructors (CDD.DFI-4) 
 [154/206]  SEI CERT Oracle Coding Standard for Java (CERT) 
     [1/1]  IDS00-J: Prevent SQL Injection (CERT.IDS00) 
        Protect against SQL injection (CERT.IDS00.TDSQL-1) 
     [3/3]  NUM00-J: Detect or prevent integer overflow (CERT.NUM00) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CERT.NUM00.BSA-2) 
        Avoid using compound assignment operators in cases which may cause overflow (CERT.NUM00.CACO-2) 
        Avoid calculations which result in overflow or NaN (CERT.NUM00.ICO-2) 
     [2/2]  NUM01-J: Do not perform bitwise and arithmetic operations on the same data (CERT.NUM01) 
        Avoid incorrect shift operations (CERT.NUM01.BADSHIFT-2) 
        Do not perform bitwise and arithmetic operations on the same data (CERT.NUM01.NCBAV-2) 
     [1/1]  IDS03-J: Do not log unsanitized user input (CERT.IDS03) 
        Protect against log forging (CERT.IDS03.TDLOG-2) 
     [1/1]  IDS06-J: Exclude unsanitized uer input from format strings (CERT.IDS06) 
        Ensure the correct number of arguments for varargs methods with format strings (CERT.IDS06.VAFS-2) 
     [1/1]  IDS07-J: Sanitize untrusted data passed to Runtime.exec() method (CERT.IDS07) 
        Do not use "Runtime.exec()" (CERT.IDS07.EXEC-1) 
     [1/1]  NUM08-J: Check floating-point inputs for exceptional values (CERT.NUM08) 
        Check floating-point inputs for exceptional values (CERT.NUM08.FPEXC-3) 
     [1/1]  NUM09-J: Do not use floating-point variables as loop counters (CERT.NUM09) 
        Do not use floating point variables as loop indices (CERT.NUM09.FPLI-3) 
     [1/1]  TSM02-J: Do not use background threads during class initialization (CERT.TSM02) 
        Do not call the "start" method of threads from inside a constructor (CERT.TSM02.CSTART-3) 
     [1/1]  NUM07-J: Do not attempt comparisons with NaN (CERT.NUM07) 
        Avoid comparisons to Double.NaN or Float.NaN (CERT.NUM07.NAN-3) 
     [9/9]  MET12-J: Do not use finalizers (CERT.MET12) 
        Avoid empty "finalize()" methods (CERT.MET12.EF-2) 
        Call 'super.finalize()' from 'finalize()' (CERT.MET12.FCF-2) 
        Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method (CERT.MET12.FCSF-2) 
        Do not use 'finalize()' methods to unregister listeners (CERT.MET12.FM-2) 
        Call 'super.finalize()' in the "finally" block of 'finalize()' methods (CERT.MET12.IFF-2) 
        Give "finalize()" methods "protected" access (CERT.MET12.MFP-2) 
        Do not define 'finalize()' method in bean classes (CERT.MET12.MNDF-2) 
        Do not call 'finalize()' explicitly (CERT.MET12.NCF-2) 
        Do not overload the 'finalize()' method (CERT.MET12.OF-2) 
     [1/1]  NUM04-J: Do not use floating-point numbers if precise computation is required (CERT.NUM04) 
        Do not use "float" and "double" if exact answers are required (CERT.NUM04.UBD-3) 
     [1/1]  MET11-J: Ensure that keys used in comparison operations are immutable (CERT.MET11) 
        Ensure that keys used in comparison operations are immutable (CERT.MET11.IKICO-3) 
     [1/1]  NUM02-J: Ensure that division and remainder operations do not result in divide by zero errors (CERT.NUM02) 
        Avoid division by zero (CERT.NUM02.ZERO-3) 
     [1/1]  LCK10-J: Use a correct form of the double-checked locking idiom (CERT.LCK10) 
        Avoid unsafe implementations of the "double-checked locking" pattern (CERT.LCK10.DCL-3) 
     [1/1]  MET04-J: Do not increase the accessibility of overridden or hidden methods (CERT.MET04) 
        Do not override an instance "private" method (CERT.MET04.OPM-2) 
     [1/1]  MET07-J: Never declare a class method that hides a method declared in a superclass or superinterfaces (CERT.MET07) 
        Do not hide inherited "static" member methods (CERT.MET07.AHSM-3) 
     [1/1]  MET06-J: Do not invoke overridable methods in clone() (CERT.MET06) 
        Make your 'clone()' method "final" for security (CERT.MET06.CLONE-2) 
     [1/1]  MET09-J: Classes that define equals() method must also define hashCode() method (CERT.MET09) 
        Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa (CERT.MET09.OVERRIDE-3) 
     [1/1]  TSM00-J: Do not override thread-safe methods with methods that are not thread-safe (CERT.TSM00) 
        Avoid overriding synchronized methods with non-synchronized methods (CERT.TSM00.OSNS-3) 
     [1/1]  MET08-J: Preserve the equality contract when overriding the equals() method (CERT.MET08) 
        Make sure implementation of Object.equals(Object) is reflexive (CERT.MET08.EQREFL-3) 
     [1/1]  TSM01-J: Do not let the this reference escape during object construction (CERT.TSM01) 
        Do not let "this" reference escape during construction (CERT.TSM01.CTRE-2) 
     [2/2]  VNA03-J: Do not assume that a group of calls to independently atomic methods is atomic (CERT.VNA03) 
        Access related Atomic variables in a synchronized block (CERT.VNA03.MRAV-3) 
        Make the get method for a field synchronized if the set method is synchronized (CERT.VNA03.SSUG-3) 
     [2/2]  VNA00-J: Ensure visibility when accessing shared primitive variables (CERT.VNA00) 
        Ensure that nested locks are ordered correctly (CERT.VNA00.LORD-2) 
        Access related Atomic variables in a synchronized block (CERT.VNA00.MRAV-2) 
     [2/2]  VNA02-J: Ensure that compound operations on shared variables are atomic (CERT.VNA02) 
        Access related Atomic variables in a synchronized block (CERT.VNA02.MRAV-2) 
        Make the get method for a field synchronized if the set method is synchronized (CERT.VNA02.SSUG-2) 
     [1/1]  NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data (CERT.NUM12) 
        Do not cast primitive data types to lower precision (CERT.NUM12.CLP-3) 
     [1/1]  SER04-J: Do not allow serialization and deserialization to bypass the security manager (CERT.SER04) 
        Enforce 'SecurityManager' checks in methods of 'Serializable' classes (CERT.SER04.SCSER-1) 
     [1/1]  SER07-J: Do not use the default serialized form for classes with implementation-defined invariants (CERT.SER07) 
        Define a "readResolve" method for all instances of Serializable types (CERT.SER07.RRSC-2) 
     [1/1]  NUM10-J: Do not construct BigDecimal objects from floating-point literals (CERT.NUM10) 
        Do not pass floating point values to the 'BigDecimal' constructor (CERT.NUM10.BBDCC-3) 
     [1/1]  SER01-J: Do not deviate from the proper signatures of serialization methods (CERT.SER01) 
        Ensure that the 'readObject()' and 'writeObject()' methods have the correct signature (CERT.SER01.ROWO-1) 
     [1/1]  SER00-J: Enable serialization compatibility during class evolution (CERT.SER00) 
        Create a 'serialVersionUID' for all 'Serializable' classes (CERT.SER00.DUID-3) 
     [1/1]  SER03-J: Do not serialize unencrypted, sensitive data (CERT.SER03) 
        Inspect instance fields of serializable objects to make sure they will not expose sensitive information (CERT.SER03.SIF-2) 
     [1/1]  ENV02-J: Do not trust the values of environment variables (CERT.ENV02) 
        Do not use the non-portable 'System.getenv()' method (CERT.ENV02.ENV-3) 
     [1/1]  SER09-J: Do not invoke overridable methods from readObject() method (CERT.SER09) 
        Do not invoke overridable methods from the readObject() method (CERT.SER09.VREADOBJ-3) 
     [1/1]  NUM13-J: Avoid loss of precision when converting primitive integers to floating-point (CERT.NUM13) 
        Avoid implicit casts from integer data types to floating point data types (CERT.NUM13.AIC-3) 
     [2/2]  MET02-J: Do not use deprecated or obsolete classes or methods (CERT.MET02) 
        Do not use deprecated APIs (CERT.MET02.DPRAPI-3) 
        Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime' (CERT.MET02.THRD-3) 
     [4/4]  OBJ05-J: Defensively copy private mutable class members before returning their references (CERT.OBJ05) 
        Enforce returning a defensive copy in 'clone()' methods (CERT.OBJ05.CPCL-1) 
        Do not pass user-given mutable objects directly to certain types (CERT.OBJ05.MPT-1) 
        Provide mutable classes with copy functionality (CERT.OBJ05.MUCOP-1) 
        Do not store user-given mutable objects directly into variables (CERT.OBJ05.SMO-1) 
     [4/4]  OBJ06-J: Defensively copy mutable inputs and mutable internal components (CERT.OBJ06) 
        Enforce returning a defensive copy in 'clone()' methods (CERT.OBJ06.CPCL-2) 
        Do not pass user-given mutable objects directly to certain types (CERT.OBJ06.MPT-2) 
        Provide mutable classes with copy functionality (CERT.OBJ06.MUCOP-2) 
        Do not store user-given mutable objects directly into variables (CERT.OBJ06.SMO-2) 
     [1/1]  OBJ07-J: Sensitive classes must not let themselves be copied (CERT.OBJ07) 
        Make your classes noncloneable (CERT.OBJ07.MCNC-2) 
     [1/1]  OBJ08-J: Do not expose private members of an outer class from within a nested class (CERT.OBJ08) 
        Make all member classes "private" (CERT.OBJ08.INNER-2) 
     [1/1]  LCK02-J: Do not synchronize on the class object returned by getClass() (CERT.LCK02) 
        Do not synchronize on the class object returned by the 'getClass' method (CERT.LCK02.SGC-2) 
     [1/1]  LCK00-J: Use private final lock objects to synchronize classes that may interact with untrusted code (CERT.LCK00) 
        Do not synchronize on "public" fields since doing so may cause deadlocks (CERT.LCK00.SOPF-3) 
     [1/1]  OBJ03-J: Prevent heap pollution (CERT.OBJ03) 
        Avoid conversions from parameterized types to raw types (CERT.OBJ03.AGBPT-3) 
     [1/1]  LCK01-J: Do not synchronize on objects that may be reused (CERT.LCK01) 
        Do not synchronize on constant Strings (CERT.LCK01.SCS-2) 
     [5/5]  OBJ04-J: Provide mutable classes with copy functionality to safely allow passing instances to untrusted code (CERT.OBJ04) 
        Make your 'clone()' method "final" for security (CERT.OBJ04.CLONE-3) 
        Enforce returning a defensive copy in 'clone()' methods (CERT.OBJ04.CPCL-3) 
        Do not pass user-given mutable objects directly to certain types (CERT.OBJ04.MPT-3) 
        Provide mutable classes with copy functionality (CERT.OBJ04.MUCOP-3) 
        Do not store user-given mutable objects directly into variables (CERT.OBJ04.SMO-3) 
     [1/1]  LCK06-J: Do not use an instance lock to protect shared static data (CERT.LCK06) 
        Do not use an instance lock to protect shared static data (CERT.LCK06.INSTLOCK-2) 
     [1/1]  LCK07-J: Avoid deadlock by requesting and releasing locks in the same order (CERT.LCK07) 
        Ensure that nested locks are ordered correctly (CERT.LCK07.LORD-3) 
     [1/1]  LCK04-J: Do not synchronize on a collection view if the backing collection is accessible (CERT.LCK04) 
        Do not synchronize on a collection view if the backing collection is accessible (CERT.LCK04.SOBC-3) 
     [1/1]  LCK05-J: Synchronize access to static fields that can be modified by untrusted code (CERT.LCK05) 
        Inspect accesses to "static" fields which may require synchronization (CERT.LCK05.IASF-3) 
     [2/2]  LCK08-J: Ensure acrively held locks are released on exceptional conditions (CERT.LCK08) 
        Do not abandon unreleased locks (CERT.LCK08.LOCK-3) 
        Release Locks in a "finally" block (CERT.LCK08.RLF-3) 
     [2/2]  LCK09-J: Do not perform operations that can block while holding a lock (CERT.LCK09) 
        Do not use blocking methods while holding a lock (CERT.LCK09.TSHL-3) 
        Do not call 'Thread.sleep()' while holding a lock since doing so can cause poor performance and deadlocks (CERT.LCK09.TSHL2-3) 
     [1/1]  SER11-J: Prevent overwriting of externalizable objects (CERT.SER11) 
        Avoid re-initializing fields in the 'readExternal()' method of 'Externalizable' classes (CERT.SER11.IRX-3) 
     [1/1]  MSC02-J: Generate strong random numbers (CERT.MSC02) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (CERT.MSC02.SRD-1) 
     [1/1]  MSC01-J: Do not use an empty infinite loop (CERT.MSC01) 
        Avoid control statements with empty bodies (CERT.MSC01.EB-3) 
     [1/1]  MSC00-J: Use SSLSocket rather than Socket for secure data exchange (CERT.MSC00) 
        Use the SSL-enabled version of classes when possible (CERT.MSC00.USC-2) 
     [1/1]  TPS00-J: Use thread pools to enable graceful degradation of service during traffic bursts (CERT.TPS00) 
        Do not call the 'start()' method directly on Thread class instances (CERT.TPS00.ISTART-3) 
     [1/1]  DCL00-J: Prevent class initialization cycles (CERT.DCL00) 
        Ensure that files do not contain cyclical dependencies (CERT.DCL00.ACD-3) 
     [1/1]  DCL02-J: Do not modify the collector's elements during an enhanced for statement (CERT.DCL02) 
        Do not modify collection while iterating over it (CERT.DCL02.ITMOD-3) 
     [3/3]  FIO04-J: Release resources when they are no longer needed (CERT.FIO04) 
        Close all "java.io.Closeable" resources in a "finally" block (CERT.FIO04.CCR-3) 
        Close input and output resources in "finally" blocks (CERT.FIO04.CIO-3) 
        Ensure resources are deallocated (CERT.FIO04.LEAKS-3) 
     [1/1]  FIO05-J: Do not expose buffers created using the wrap() or duplicate() methods to untrusted code (CERT.FIO05) 
        Do not expose data wrapped by a buffer to untrusted code (CERT.FIO05.BUFEXP-2) 
     [1/1]  FIO06-J: Do not create multiple buffered wrappers on a single byte of character strream (CERT.FIO06) 
        Do not create multiple buffered wrappers on a single byte or character stream (CERT.FIO06.MULBUF-3) 
     [1/1]  FIO07.JDo not let external process block on IO buffers (CERT.FIO07) 
        Do not use "Runtime.exec()" (CERT.FIO07.EXEC-3) 
     [1/1]  FIO08-J: Distinguish between characters or bytes read from a stream and -1 (CERT.FIO08) 
        Check the return value of methods which read or skip input (CERT.FIO08.CRRV-1) 
     [1/1]  FIO09-J: Do not rely on the write() method to output integers outside the range 0 - 255 (CERT.FIO09) 
        Do not rely on the write() method to output integers outside the range 0 to 255 (CERT.FIO09.ARGWRITE-3) 
     [2/2]  FIO03-J: Remove temporary files before termination (CERT.FIO03) 
        Avoid temporary files (CERT.FIO03.ATF-2) 
        Remove temporary files before termination (CERT.FIO03.REMTMP-2) 
     [3/3]  ERR01-J: Do not allow exceptions to expose sensitive data (CERT.ERR01) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (CERT.ERR01.ACPST-2) 
        Avoid writing to Consoles (CERT.ERR01.ACW-2) 
        Catch all exceptions which may be thrown within Servlet methods (CERT.ERR01.CETS-2) 
     [1/1]  FIO16-J: Canonicalize path names before validating them. (CERT.FIO16) 
        Canonicalize all data before validation (CERT.FIO16.CDBV-2) 
     [2/2]  ERR00-J: Do not suppress or ignore checked exceptions (CERT.ERR00) 
        Ensure all exceptions are either logged with a standard logger or rethrown (CERT.ERR00.LGE-3) 
        Use a caught exception in the "catch" block (CERT.ERR00.UCATCH-3) 
     [2/2]  ERR09-J: Do not allow untrusted code to terminate the JVM (CERT.ERR09) 
        Do not call methods which terminates Java Virtual Machine (CERT.ERR09.EXIT-3) 
        Do not stop the JVM in a web component (CERT.ERR09.JVM-3) 
     [2/2]  ERR07-J: Do not throw RuntimeExceptions, Exceptions or Throwable (CERT.ERR07) 
        Do not throw exception types which are too general or are unchecked exceptions (CERT.ERR07.NTERR-3) 
        Avoid declaring methods to throw general or unchecked Exception types (CERT.ERR07.NTX-3) 
     [1/1]  ERR08-J: Do not catch NullPointerExceptions or any of its ancestors (CERT.ERR08) 
        Do not catch 'NullPointerException' (CERT.ERR08.NCNPE-2) 
     [2/2]  ERR05-J: Do not let checked exceptions escape from a finally block (CERT.ERR05) 
        Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block (CERT.ERR05.ARCF-3) 
        Do not exit "finally" blocks abruptly (CERT.ERR05.ATSF-3) 
     [1/1]  JNI01-J: Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (LoadLibrary) (CERT.JNI01) 
        Protect against Library injection (CERT.JNI01.TDLIB-1) 
     [1/1]  ERR03-J: Restore prior object state on method failure (CERT.ERR03) 
        Restore prior object state on method failure (CERT.ERR03.REVOBJ-3) 
     [1/1]  JNI00-J: Define wrappers around native methods (CERT.JNI00) 
        Use wrapper methods to secure native methods (CERT.JNI00.NATIW-2) 
     [2/2]  ERR04-J: Do not complete abruptly from finally block (CERT.ERR04) 
        Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block (CERT.ERR04.ARCF-3) 
        Do not exit "finally" blocks abruptly (CERT.ERR04.ATSF-3) 
     [1/1]  MSC07-J: Prevent multiple instantiations of singleton objects (CERT.MSC07) 
        Make lazy initializations thread-safe (CERT.MSC07.ILI-3) 
     [1/1]  MSC06-J: Do not modify the underlying collection when an iteration is in progress (CERT.MSC06) 
        Do not modify collection while iterating over it (CERT.MSC06.ITMOD-3) 
     [1/1]  MSC04-J: Do not leak memory (CERT.MSC04) 
        Ensure resources are deallocated (CERT.MSC04.LEAKS-3) 
     [3/3]  MSC03-J: Never hard code sensitive information (CERT.MSC03) 
        Avoid hard-coding the arguments to certain methods (CERT.MSC03.AHCA-1) 
        Avoid using hard-coded cryptographic keys (CERT.MSC03.HCCK-1) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (CERT.MSC03.HCCS-1) 
     [1/1]  FIO12-J: Provide methods to read a write little-endian data (CERT.FIO12) 
        Provide methods to read and write little-endian data (CERT.FIO12.PMRWLED-3) 
     [1/1]  STR00-J: Don't form strings containing partial characters from variable-width encodings (CERT.STR00) 
        Do not use String concatenation in an Internationalized environment (CERT.STR00.COS-3) 
     [4/4]  FIO13-J: Do not log sensitive information outside a trusted boundary (CERT.FIO13) 
        Do not log confidential or sensitive information (CERT.FIO13.CONSEN-2) 
        Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files (CERT.FIO13.LHII-2) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (CERT.FIO13.PEO-2) 
        Prevent exposure of sensitive data (CERT.FIO13.SENS-2) 
     [1/1]  STR01-J: Do not assume that a Java char fully represents a Unicode code point (CERT.STR01) 
        Do not assume that a Java char fully represents a Unicode code point (CERT.STR01.NCUCP-3) 
     [3/3]  FIO14-J: Perform proper cleanup at program termination (CERT.FIO14) 
        Close all "java.io.Closeable" resources in a "finally" block (CERT.FIO14.CCR-2) 
        Close input and output resources in "finally" blocks (CERT.FIO14.CIO-2) 
        Close resources as early as possible (CERT.FIO14.CRWD-2) 
     [2/2]  STR02-J: Specify an appropriate locale when comparing locale-dependent data (CERT.STR02) 
        Use the optional java.util.Locale parameter (CERT.STR02.CCL-2) 
        Do not call 'Character.toLowerCase(char)' or 'Character.toUpperCase(char)' in an internationalized environment (CERT.STR02.CTLC-2) 
     [1/1]  OBJ09-J: Compare classes and not class names (CERT.OBJ09) 
        Do not compare Class objects by name (CERT.OBJ09.CMP-1) 
     [1/1]  SEC04-J: Protect sensitive operations with security manager checks (CERT.SEC04) 
        Enforce 'SecurityManager' checks before setting or getting fields (CERT.SEC04.SCF-1) 
     [1/1]  SEC03-J: Do not load trusted classes after allowing untrusted code to load in arbitrary classes (CERT.SEC03) 
        Do not access the class loader in a web component (CERT.SEC03.ACL-1) 
     [1/1]  SEC05-J: Do not use reflection to increase accessibility of classes, methods or fields (CERT.SEC05) 
        Avoid using reflection methods (CERT.SEC05.ARM-1) 
     [2/2]  EXP00-J: Do not ignore values returned by methods (CERT.EXP00) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (CERT.EXP00.AECB-2) 
        Ensure method and constructor return values are used (CERT.EXP00.NASSIG-2) 
     [1/1]  EXP02-J: Do not use the Object.equals() method to compare two arrays (CERT.EXP02) 
        Do not use '==' or '!=' to compare objects (CERT.EXP02.UEIC-3) 
     [1/1]  SEC02-J: Do not base security checks on untrusted sources (CERT.SEC02) 
        Protect against Reflection injection (CERT.SEC02.TDRFL-1) 
     [2/2]  EXP01-J: Do not use a null in a case where an object is required (CERT.EXP01) 
        Ensure that dereferenced variables match variables which were previously checked for "null" (CERT.EXP01.NCMD-3) 
        Avoid NullPointerException (CERT.EXP01.NP-3) 
     [1/1]  SEC01-J: Do not allow tainted variables in privileged blocks (CERT.SEC01) 
        Avoid operating on tainted data in privileged blocks (CERT.SEC01.PRIVIL-1) 
     [2/2]  OBJ10-J: Do not use public static nonfinal variables (CERT.OBJ10) 
        Avoid referencing mutable fields (CERT.OBJ10.RMO-2) 
        Inspect 'static' fields which may have intended to be declared 'static final' (CERT.OBJ10.SPFF-2) 
     [1/1]  OBJ11-J: Be wary of letting constructors throw exceptions (CERT.OBJ11) 
        Do not throw exceptions from constructors of "public" non-"final" classes (CERT.OBJ11.EPNFC-1) 
     [1/1]  IDS11-J: Perform any string modifications before validation (CERT.IDS11) 
        Validate all dangerous data (CERT.IDS11.VPPD-1) 
     [1/1]  THI00-J: Do not invoke Thread::run() (CERT.THI00) 
        Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable' (CERT.THI00.IRUN-3) 
     [1/1]  THI02-J: Notify all waiting threads rather than a single thread (CERT.THI02) 
        Do not use 'notify()'; use 'notifyAll()' instead so that all waiting threads will be notified (CERT.THI02.ANF-3) 
     [1/1]  THI01-J: Do not invode ThreadGroup methods (CERT.THI01) 
        Do not use variables of the unsafe type 'java.lang.ThreadGroup' (CERT.THI01.AUTG-3) 
     [1/1]  IDS16-J: Prevent XML injection (CERT.IDS16) 
        Protect against XML data injection (CERT.IDS16.TDXML-1) 
     [1/1]  EXP03-J: Do not use the equality operators when comparing boxed values (CERT.EXP03) 
        Do not use '==' or '!=' to compare objects (CERT.EXP03.UEIC-3) 
     [1/1]  EXP05-J: Do not follow a write by a subsequent write or read of the same object within an expression (CERT.EXP05) 
        Avoid using increment or decrement operators in nested expressions (CERT.EXP05.CID-3) 
     [1/1]  THI03-J: Always invoke wait() and await() methods inside a loop (CERT.THI03) 
        Call 'wait()' and 'await()' only inside a loop that tests the liveness condition (CERT.THI03.UWIL-3) 
     [1/1]  THI05-J: Do not use Thread::stop() to terminate threads. (CERT.THI05) 
        Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime' (CERT.THI05.THRD-3) 
 [112/112]  Coding Conventions (CODSTA) 
     [11/11]  Poor Object Oriented Design (CODSTA.POD) 
        Avoid constant interface anti-pattern (CODSTA.POD.ACIAP-3) 
        Avoid "static" methods when the declaring class is a parameter type (CODSTA.POD.ASM-3) 
        Use less specific types to accomplish loose coupling (CODSTA.POD.AUVT-3) 
        Use chain constructors in classes with multiple constructors (CODSTA.POD.CHAIN-3) 
        Avoid chains of "instanceof" comparisons (CODSTA.POD.CIOC-3) 
        Do not access static members indirectly (CODSTA.POD.IASM-3) 
        Avoid "switch" statements with too many or too few "case" statements (CODSTA.POD.SMC-3) 
        Use "enum" types instead of a series of "static final" constants (CODSTA.POD.UET-3) 
        Enforce or avoid the use of parameterized types (CODSTA.POD.UPT-3) 
        Do not define constants in interfaces (CODSTA.POD.ISACF-4) 
        Define a no argument constructor whenever possible (CODSTA.POD.DCTOR-5) 
     [24/24]  Bad Practice (CODSTA.BP) 
        Avoid returning "null" for arrays and certain types (CODSTA.BP.ARN-2) 
        Avoid passing non-reifiable types to varargs methods (CODSTA.BP.NRVA-2) 
        Avoid label statements (CODSTA.BP.AULS-3) 
        Avoid using multiple loggers, use logging levels instead (CODSTA.BP.AUML-3) 
        Provide a '{}' block for conditional statements (CODSTA.BP.BLK-3) 
        Avoid unnecessary nested blocks (CODSTA.BP.BLOCK-3) 
        Declare fields with uppercase character names as "final" (CODSTA.BP.CFNF-3) 
        Avoid 'public' or 'protected' constructors for immutable classes (CODSTA.BP.CMUTA-3) 
        Place constants on the appropriate side of comparisons (CODSTA.BP.CS-3) 
        Declare loggers as "static final" fields (CODSTA.BP.DLSF-3) 
        Do not call methods which terminates Java Virtual Machine (CODSTA.BP.EXIT-3) 
        Declare all formal parameters as "final" (CODSTA.BP.FPF-3) 
        Avoid using 'Hashtable' and 'Vector' (CODSTA.BP.HTV-3) 
        Avoid or enforce usage of '*' form of import statements (CODSTA.BP.IMPTD-3) 
        Avoid declaring methods to throw general or unchecked Exception types (CODSTA.BP.NTX-3) 
        Ensure that a class which has only "private" constructors is declared as "final" (CODSTA.BP.PCF-3) 
        Avoid "break" and/or "continue" with labels (CODSTA.BP.ABCL-4) 
        Avoid declaring methods that return 'Object' (CODSTA.BP.AMRO-4) 
        Avoid using reflection methods (CODSTA.BP.ARM-4) 
        Avoid using wildcards in method return types (CODSTA.BP.AWRT-4) 
        Reference interface constants with their declaring interface names (CODSTA.BP.FQNIC-4) 
        Do not use "break" and/or "continue" statements (CODSTA.BP.CONTINUE-5) 
        Ensure overloaded constructors and methods share the same accessibility (CODSTA.BP.OCMA-5) 
        Do not define "public" or "protected" members in anonymous classes (CODSTA.BP.PPAC-5) 
     [15/15]  Organization (CODSTA.ORG) 
        Do not use assertions in production code (CODSTA.ORG.ASSERT-3) 
        Do not make method calls to internal classes from non-internal classes (CODSTA.ORG.DINT-3) 
        Order class elements appropriately (CODSTA.ORG.FO-3) 
        Avoid importing specific classes or packages (CODSTA.ORG.IMP-3) 
        Organize methods by name (CODSTA.ORG.OGM-3) 
        Order compilation unit elements appropriately (CODSTA.ORG.ORCU-3) 
        Ensure all types have a non default package name (CODSTA.ORG.UNDPN-3) 
        Do not have more than one type in each file (CODSTA.ORG.AMOC-4) 
        Define constants in an "interface" (CODSTA.ORG.DCI-4) 
        Ensure that comments do not contain task tags (CODSTA.ORG.TODOJAVA-4) 
        Ensure that comments do not contain task tags (CODSTA.ORG.TODOPROP-4) 
        Ensure that comments do not contain task tags (CODSTA.ORG.TODOXML-4) 
        Place 'finalize()' methods between "public" and "protected" methods (CODSTA.ORG.ORFIM-5) 
        Present "import" statements in alphabetical order (CODSTA.ORG.ORIMP-5) 
        Place the 'main()' method last (CODSTA.ORG.PML-5) 
     [15/15]  Error-Prone Coding (CODSTA.EPC) 
        Call 'super.clone()' in all 'clone()' methods (CODSTA.EPC.SCLONE-1) 
        Do not use constructors in the 'clone()' method (CODSTA.EPC.CLNC-2) 
        Do not call methods that might cause unexpected NullPointerExceptions during constructor execution (CODSTA.EPC.NCNFC-2) 
        Avoid conversions from parameterized types to raw types (CODSTA.EPC.AGBPT-3) 
        Avoid using the conditional operator with mismatched numeric types (CODSTA.EPC.COMT-3) 
        Do not perform bitwise and arithmetic operations on the same data (CODSTA.EPC.NCBAV-3) 
        Do not catch exception types which are too general or are unchecked exceptions (CODSTA.EPC.NCE-3) 
        Avoid using the same generic type variable for multiple method arguments (CODSTA.EPC.STA-3) 
        Use 'StringTokenizer' instead of 'indexOf()' and 'substring()' for String parsing (CODSTA.EPC.UST-3) 
        Do not call an "abstract" method from a constructor in an "abstract" class (CODSTA.EPC.NCAC-4) 
        Use overloading judiciously (CODSTA.EPC.OVERLOAD-4) 
        Do not make assignments to method parameters (CODSTA.EPC.AFP-5) 
        Use "int" instead of "byte" or "short" and "double" instead of "float" for variable declarations (CODSTA.EPC.IBS-5) 
        Do not use too many non-"final" "static" fields (CODSTA.EPC.MSF-5) 
        Do not write to static fields from non-static methods (CODSTA.EPC.WSIM-5) 
     [39/39]  Readability (CODSTA.READ) 
        Avoid literal constants (CODSTA.READ.USN-2) 
        Do not use complicated conditional expressions in control structures (CODSTA.READ.ACCS-3) 
        Access and set fields directly in the declaring type instead of using getter and setter methods (CODSTA.READ.AFD-3) 
        Avoid anonymous inner classes (CODSTA.READ.AIC-3) 
        Avoid static import statements (CODSTA.READ.ASIS-3) 
        Avoid unnecessary calls to 'toString()' (CODSTA.READ.AUTS-3) 
        Comment the ends of control structures (CODSTA.READ.CCB-3) 
        Comment empty blocks (CODSTA.READ.CEB-3) 
        Avoid using increment or decrement operators in nested expressions (CODSTA.READ.CID-3) 
        Enforce or avoid usage of conditional operators (CODSTA.READ.CX-3) 
        Explicitly call one of the superclass' constructors from all constructors (CODSTA.READ.ECSC-3) 
        Declare "private" constant fields "final" (CODSTA.READ.FF-3) 
        Declare constant local variables "final" (CODSTA.READ.FLV-3) 
        Avoid using Hexadecimal binary exponents (CODSTA.READ.HBE-3) 
        Avoid having a lower-case "l" or the number "1" at the end of a "long" integer constant (CODSTA.READ.LONG-3) 
        Do not declare multiple variables in one statement (CODSTA.READ.MVOS-3) 
        Avoid nested assignments or assignments embedded in other expressions (CODSTA.READ.NEA-3) 
        Avoid non-static initializers (CODSTA.READ.NSI-3) 
        Declare "for" loops with an initializer, conditional, and updater statements (CODSTA.READ.PCIF-3) 
        Do not declare "public" constructors in non-public classes (CODSTA.READ.PCTOR-3) 
        Use 'isEmpty()' for Collections and Maps instead of comparing 'size()' to 0 (CODSTA.READ.SIE-3) 
        Avoid or enforce the use of "this" and "super" expressions (CODSTA.READ.UATS-3) 
        Use underscore characters (_) in numerical literal (CODSTA.READ.ULIT-3) 
        Do not declare multiple variables of different types in one statement (CODSTA.READ.VDT-3) 
        Limit the number of initialization and update statements in "for" loops (CODSTA.READ.VIFS-3) 
        Do not rely on automatic boxing and unboxing of primitive types (CODSTA.READ.ABUB-4) 
        Do not use fully qualified type names (CODSTA.READ.AFQN-4) 
        Avoid using negative logic in if-else statement (CODSTA.READ.ANL-4) 
        Do not use too many negation operators '!' in a single method (CODSTA.READ.DUN-4) 
        Declare variables as close as possible to where they are used (CODSTA.READ.DVCU-4) 
        Minimize "try" block size (CODSTA.READ.MTBS-4) 
        Declare never-modified collections as "unmodifiable" for clarity (CODSTA.READ.NMUC-4) 
        Put declarations only at the beginning of blocks (CODSTA.READ.PDBB-4) 
        Avoid create integer values from binary notation using Integer.parseInt() methods (CODSTA.READ.UBL-4) 
        Avoid or enforce usage of enhanced "for" loops (CODSTA.READ.AEFS-5) 
        Comment local variables (CODSTA.READ.CLV-5) 
        Always call 'Collection.toArray()' with an empty constant array argument (CODSTA.READ.CTA-5) 
        Avoid using "do-while" statements (CODSTA.READ.DOWHILE-5) 
        Enforce use of "for" or "while" loops (CODSTA.READ.PFL-5) 
     [8/8]  Overriding and Implementing Methods (CODSTA.OIM) 
        Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa (CODSTA.OIM.OVERRIDE-1) 
        Do not override non "abstract" methods of a parent class with "abstract" methods (CODSTA.OIM.AMMO-3) 
        Declare 'clone() throws CloneNotSupportedException' for Cloneable class (CODSTA.OIM.CLONE-3) 
        Use the 'clone()' method only to implement 'Cloneable' interface (CODSTA.OIM.CLONE2-3) 
        Ensure 'clone()' method of non-final Cloneable class declared to throw 'CloneNotSupportedException' (CODSTA.OIM.CLONET-3) 
        Define a "static" 'valueOf()' method for "enum" types which override 'toString()' (CODSTA.OIM.DVOM-3) 
        Do not override 'toString()' in enum types (CODSTA.OIM.OVOTS-3) 
        Override 'toString()' (CODSTA.OIM.OTOSM-4) 
 [391/433]  Common Weakness Enumeration 4.9 (CWE) 
     [2/2]  CWE-787: Out-of-bounds Write (CWE.787) 
        Avoid unvalidated input in array indexes (CWE.787.ARRAYSEC-1) 
        Avoid accessing arrays out of bounds (CWE.787.ARRAY-2) 
     [2/2]  CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context (CWE.543) 
        Inspect accesses to "static" fields which may require synchronization (CWE.543.IASF-3) 
        Make lazy initializations thread-safe (CWE.543.ILI-3) 
     [1/1]  CWE-662: Improper Synchronization (CWE.662) 
        Variable should be used in context of single critical section (CWE.662.DIFCS-2) 
     [1/1]  CWE-306: Missing Authentication for Critical Function (CWE.306) 
        Ensure that an appropriate security manager is set (CWE.306.SSM-1) 
     [1/1]  CWE-427: Uncontrolled Search Path Element (CWE.427) 
        Always specify absolute paths to execute commands (CWE.427.PBRTE-1) 
     [1/1]  CWE-307: Improper Restriction of Excessive Authentication Attempts (CWE.307) 
        Ensure sufficient protection against multiple failed authentication attempts (CWE.307.PBFA-5) 
     [3/3]  CWE-546: Suspicious Comment (CWE.546) 
        Ensure that comments do not contain task tags (CWE.546.TODOJAVA-4) 
        Ensure that comments do not contain task tags (CWE.546.TODOPROP-4) 
        Ensure that comments do not contain task tags (CWE.546.TODOXML-4) 
     [2/2]  CWE-667: Improper Locking (CWE.667) 
        Unrestricted lock resource (CWE.667.CLOSE-1) 
        Do not abandon unreleased locks (CWE.667.LOCK-1) 
     [2/2]  CWE-15: External Control of System or Configuration Setting (CWE.15) 
        Do not access or set System properties (CWE.15.SYSP-2) 
        Use a Context Object to manage HTTP request parameters (CWE.15.UCO-2) 
     [1/1]  CWE-426: Untrusted Search Path (CWE.426) 
        Always specify absolute paths to execute commands (CWE.426.PBRTE-1) 
     [1/1]  CWE-789: Memory Allocation with Excessive Size Value (CWE.789) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (CWE.789.TDALLOC-2) 
     [1/1]  CWE-413: Improper Resource Locking (CWE.413) 
        Ensure that nested locks are ordered correctly (CWE.413.LORD-2) 
     [2/2]  CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') (CWE.652) 
        Protect against XPath injection (CWE.652.TDXPATH-1) 
        Avoid XPath injection when evaluating XPath queries (CWE.652.XPIJ-1) 
     [2/2]  CWE-532: Insertion of Sensitive Information into Log File (CWE.532) 
        Do not log confidential or sensitive information (CWE.532.CONSEN-1) 
        Avoid passing sensitive data to functions that write to log files (CWE.532.SENSLOG-2) 
     [1/1]  CWE-771: Missing Reference to Active Allocated Resource (CWE.771) 
        Ensure resources are deallocated (CWE.771.LEAKS-1) 
     [2/2]  CWE-772: Missing Release of Resource after Effective Lifetime (CWE.772) 
        Unrestricted lock resource (CWE.772.CLOSE-1) 
        Ensure resources are deallocated (CWE.772.LEAKS-1) 
     [2/2]  CWE-770: Allocation of Resources Without Limits or Throttling (CWE.770) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (CWE.770.TDALLOC-2) 
        Do not call the 'start()' method directly on Thread class instances (CWE.770.ISTART-4) 
     [27/27]  CWE-20: Improper Input Validation (CWE.20) 
        Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm' (CWE.20.AEAF-1) 
        Avoid unvalidated input in array indexes (CWE.20.ARRAYSEC-1) 
        Always call 'super.validate()' from validation methods in 'ActionForm' classes (CWE.20.CSVFV-1) 
        Avoid duplicated forms in the 'validation.xml' (CWE.20.DFV-1) 
        Do not use resources that have been freed (CWE.20.FREE-1) 
        Avoid calculations which result in overflow or NaN (CWE.20.ICO-1) 
        Ensure Plugins are added in the 'struts-config.xml' (CWE.20.PLUGIN-1) 
        Exclude unsanitized user input from format strings (CWE.20.TDINPUT-1) 
        Protect against Library injection (CWE.20.TDLIB-1) 
        Protect against HTTP response splitting (CWE.20.TDRESP-1) 
        Protect against Reflection injection (CWE.20.TDRFL-1) 
        Avoid accessing arrays out of bounds (CWE.20.ARRAY-2) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CWE.20.BSA-2) 
        Do not cast primitive data types to lower precision (CWE.20.CLP-2) 
        Do not access or set System properties (CWE.20.SYSP-2) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (CWE.20.TDALLOC-2) 
        Protect against log forging (CWE.20.TDLOG-2) 
        Use a Context Object to manage HTTP request parameters (CWE.20.UCO-2) 
        Inspect usage of standard API calls that bypass security (CWE.20.APIBS-3) 
        Prevent external processes from blocking on output or error streams (CWE.20.BUSSB-3) 
        Avoid using compound assignment operators in cases which may cause overflow (CWE.20.CACO-3) 
        Always check parameters before use in array access (CWE.20.CAI-3) 
        Ensure validators are enabled in the 'struts-config.xml' (CWE.20.EV-3) 
        Avoid integer overflows (CWE.20.INTOVERF-3) 
        Use unsigned right shift instead of division when overflow is possible (CWE.20.IOF-3) 
        Use wrapper methods to secure native methods (CWE.20.NATIW-3) 
        Do not use user-defined "native" methods (CWE.20.NATV-3) 
     [1/1]  CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE.22) 
        Protect against File names injection (CWE.22.TDFNAMES-1) 
     [1/1]  CWE-416: Use After Free (CWE.416) 
        Do not use resources that have been freed (CWE.416.FREE-1) 
     [1/1]  CWE-778: Insufficient Logging (CWE.778) 
        Ensure all sensitive method invocations are logged (CWE.778.ENFL-3) 
     [11/11]  CWE-522: Insufficiently Protected Credentials (CWE.522) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (CWE.522.PCCF-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.522.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.522.PWDXML-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (CWE.522.UPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (CWE.522.WCPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (CWE.522.WPWD-1) 
        Password information should not be included in properties file in plaintext (CWE.522.PLAIN-2) 
        Protect against using unprotected credentials (CWE.522.TDPASSWD-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (CWE.522.PTPT-3) 
        Use the SSL-enabled version of classes when possible (CWE.522.USC-3) 
        Avoid using plain text passwords in Axis2 configuration files (CWE.522.UTAX-3) 
     [2/2]  CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') (CWE.643) 
        Protect against JXPath injection (CWE.643.TDJXPATH-1) 
        Protect against XPath injection (CWE.643.TDXPATH-1) 
     [1/1]  CWE-764: Multiple Locks of a Critical Resource (CWE.764) 
        Avoid double locking (CWE.764.DLOCK-1) 
     [1/1]  CWE-523: Unprotected Transport of Credentials (CWE.523) 
        Use the SSL-enabled version of classes when possible (CWE.523.USC-3) 
     [1/1]  CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax (CWE.644) 
        Protect against HTTP response splitting (CWE.644.TDRESP-1) 
     [4/4]  CWE-400: Uncontrolled Resource Consumption (CWE.400) 
        Avoid using the DriverManagerDataSource class in production code (CWE.400.DMDS-1) 
        Ensure resources are deallocated (CWE.400.LEAKS-1) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (CWE.400.TDALLOC-2) 
        Do not call the 'start()' method directly on Thread class instances (CWE.400.ISTART-4) 
     [1/1]  CWE-521: Weak Password Requirements (CWE.521) 
        Use the 'minlength' validator for password fields in 'validation.xml' (CWE.521.MLVP-2) 
     [3/3]  CWE-404: Improper Resource Shutdown or Release (CWE.404) 
        Close JDBC objects in the correct order (CWE.404.COCO-3) 
        Close resources as early as possible (CWE.404.CRWD-3) 
        Do not open or close JDBC connections in loops (CWE.404.ODBIL-3) 
     [1/1]  CWE-511: Logic/Time Bomb (CWE.511) 
        Inspect 'Random' objects or 'Math.random()' methods that could indicate areas where malicious code has been placed (CWE.511.RDM-5) 
     [1/1]  CWE-198: Use of Incorrect Byte Ordering (CWE.198) 
        Provide methods to read and write little-endian data (CWE.198.PMRWLED-4) 
     [1/1]  CWE-193: Off-by-one Error (CWE.193) 
        Avoid off-by-one errors in loop conditions (CWE.193.AOBO-2) 
     [2/2]  CWE-191: Integer Underflow (Wrap or Wraparound) (CWE.191) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CWE.191.BSA-2) 
        Avoid integer overflows (CWE.191.INTOVERF-3) 
     [6/6]  CWE-190: Integer Overflow or Wraparound (CWE.190) 
        Avoid calculations which result in overflow or NaN (CWE.190.ICO-1) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CWE.190.BSA-2) 
        Do not cast primitive data types to lower precision (CWE.190.CLP-2) 
        Avoid using compound assignment operators in cases which may cause overflow (CWE.190.CACO-3) 
        Avoid integer overflows (CWE.190.INTOVERF-3) 
        Use unsigned right shift instead of division when overflow is possible (CWE.190.IOF-3) 
     [1/1]  CWE-759: Use of a One-Way Hash without a Salt (CWE.759) 
        Use hash functions with a salt (CWE.759.MDSALT-1) 
     [1/1]  CWE-755: Improper Handling of Exceptional Conditions (CWE.755) 
        Do not catch InterruptedException except in classes extending Thread (CWE.755.CIET-4) 
     [1/1]  CWE-500: Public Static Field Not Marked Final (CWE.500) 
        Inspect 'static' fields which may have intended to be declared 'static final' (CWE.500.SPFF-3) 
     [2/2]  CWE-863: Incorrect Authorization (CWE.863) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (CWE.863.DSR-1) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (CWE.863.SRCD-3) 
     [1/1]  CWE-501: Trust Boundary Violation (CWE.501) 
        Do not store untrusted data in HTTP session (CWE.501.TDSESSION-1) 
     [2/2]  CWE-862: Missing Authorization (CWE.862) 
        Avoid EJB 3 methods without security annotations (CWE.862.PERMIT-1) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (CWE.862.LCA-3) 
     [1/1]  CWE-185: Incorrect Regular Expression (CWE.185) 
        Avoid using "." as a regular expression in 'String.replaceAll()' and 'String.replaceFirst()' (CWE.185.REP-2) 
     [1/1]  CWE-506: Embedded Malicious Code (CWE.506) 
        Avoid using hard-coded cryptographic keys (CWE.506.HCCK-1) 
     [3/3]  CWE-749: Exposed Dangerous Method or Function (CWE.749) 
        Declare package-private methods as inaccessible as possible (CWE.749.DPAM-2) 
        Declare a package-private method "final" if it is not overridden (CWE.749.SPAM-2) 
        Declare "public/protected" methods as inaccessible as possible (CWE.749.DPPM-4) 
     [6/6]  CWE-502: Deserialization of Untrusted Data (CWE.502) 
        Avoid parsing untrusted data with XMLDecoder (CWE.502.AUXD-2) 
        Disable LDAP deserialization (CWE.502.SC-2) 
        Assign 'protected' accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes (CWE.502.MASP-3) 
        Ensure that all fields are assigned by the 'readObject()' method and written out by the 'writeObject()' method (CWE.502.RWAF-3) 
        Safely serialize sensitive data (CWE.502.SSSD-3) 
        Validate objects before deserialization (CWE.502.VOBD-3) 
     [2/2]  CWE-611: Improper Restriction of XML External Entity Reference (CWE.611) 
        Disable XML external entity injection (CWE.611.DXXE-2) 
        Validate untrusted XML using schema or DTD before reading (CWE.611.XMLVAL-2) 
     [2/2]  CWE-732: Incorrect Permission Assignment for Critical Resource (CWE.732) 
        Mark cookies as HttpOnly (CWE.732.SCHTTP-2) 
        Avoid setting the write or execute file permissions to unintended users (CWE.732.IDP-5) 
     [1/1]  CWE-297: Improper Validation of Certificate with Host Mismatch (CWE.297) 
        Properly validate server identity (CWE.297.VSI-2) 
     [2/2]  CWE-295: Improper Certificate Validation (CWE.295) 
        Ensure the HostnameVerifier.verify() method validates the certificate (CWE.295.HV-1) 
        Properly validate server identity (CWE.295.VSI-2) 
     [1/1]  CWE-290: Authentication Bypass by Spoofing (CWE.290) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (CWE.290.HTTPRHA-3) 
     [1/1]  CWE-617: Reachable Assertion (CWE.617) 
        Do not use assertions in production code (CWE.617.ASSERT-3) 
     [1/1]  CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CWE.614) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (CWE.614.UOSC-1) 
     [2/2]  CWE-613: Insufficient Session Expiration (CWE.613) 
        Ensure proper session expiration (CWE.613.RUIM-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (CWE.613.STTL-1) 
     [1/1]  CWE-841: Improper Enforcement of Behavioral Workflow (CWE.841) 
        Avoid EJB 3 methods without security annotations (CWE.841.PERMIT-1) 
     [1/1]  CWE-600: Uncaught Exception in Servlet (CWE.600) 
        Catch all exceptions which may be thrown within Servlet methods (CWE.600.CETS-4) 
     [21/21]  CWE-287: Improper Authentication (CWE.287) 
        Avoid DNS lookups for decision making (CWE.287.DNSL-1) 
        Avoid using hard-coded cryptographic keys (CWE.287.HCCK-1) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (CWE.287.HCCS-1) 
        Ensure the HostnameVerifier.verify() method validates the certificate (CWE.287.HV-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (CWE.287.PCCF-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.287.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.287.PWDXML-1) 
        Ensure that an appropriate security manager is set (CWE.287.SSM-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (CWE.287.UPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (CWE.287.WCPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (CWE.287.WPWD-1) 
        Avoid using cryptographic keys which are too short (CWE.287.CKTS-2) 
        Use the 'minlength' validator for password fields in 'validation.xml' (CWE.287.MLVP-2) 
        Password information should not be included in properties file in plaintext (CWE.287.PLAIN-2) 
        Protect against using unprotected credentials (CWE.287.TDPASSWD-2) 
        Properly validate server identity (CWE.287.VSI-2) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (CWE.287.HTTPRHA-3) 
        Avoid using plain text passwords in Axis 'wsdd' files (CWE.287.PTPT-3) 
        Use the SSL-enabled version of classes when possible (CWE.287.USC-3) 
        Avoid using plain text passwords in Axis2 configuration files (CWE.287.UTAX-3) 
        Ensure sufficient protection against multiple failed authentication attempts (CWE.287.PBFA-5) 
     [1/1]  CWE-609: Double-Checked Locking (CWE.609) 
        Avoid unsafe implementations of the "double-checked locking" pattern (CWE.609.DCL-2) 
     [2/2]  CWE-607: Public Static Final Field References Mutable Object (CWE.607) 
        Ensure "static" "final" fields are immutable (CWE.607.IMM-3) 
        Avoid referencing mutable fields (CWE.607.RMO-3) 
     [1/1]  CWE-605: Multiple Binds to the Same Port (CWE.605) 
        Do not hard-code IP addresses and port numbers (CWE.605.HCNA-3) 
     [4/4]  CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (CWE.601) 
        Protect against HTTP response splitting (CWE.601.TDRESP-1) 
        Protect against network resource injection (CWE.601.TDNET-2) 
        Use a Context Object to manage HTTP request parameters (CWE.601.UCO-2) 
        Encapsulate all redirect and forward URLs with a validation function (CWE.601.VRD-2) 
     [1/1]  CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (CWE.843) 
        Do not call 'equals()' methods that always return false (CWE.843.EQUS-1) 
     [1/1]  CWE-279: Incorrect Execution-Assigned Permissions (CWE.279) 
        Avoid setting the write or execute file permissions to unintended users (CWE.279.IDP-5) 
     [2/2]  CWE-397: Declaration of Throws for Generic Exception (CWE.397) 
        Do not throw exception types which are too general or are unchecked exceptions (CWE.397.NTERR-3) 
        Avoid declaring methods to throw general or unchecked Exception types (CWE.397.NTX-3) 
     [1/1]  CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference (CWE.395) 
        Do not catch 'NullPointerException' (CWE.395.NCNPE-3) 
     [1/1]  CWE-396: Declaration of Catch for Generic Exception (CWE.396) 
        Do not catch exception types which are too general or are unchecked exceptions (CWE.396.NCE-3) 
     [1/1]  CWE-391: Unchecked Error Condition (CWE.391) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (CWE.391.AECB-3) 
     [1/1]  CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag (CWE.1004) 
        Mark cookies as HttpOnly (CWE.1004.SCHTTP-2) 
     [1/1]  CWE-390: Detection of Error Condition Without Action (CWE.390) 
        Ensure all exceptions are either logged with a standard logger or rethrown (CWE.390.LGE-2) 
     [1/1]  CWE-838: Inappropriate Encoding for Output Context (CWE.838) 
        Avoid calling methods and constructors which do not allow you to specify a character encoding option (CWE.838.SEO-3) 
     [1/1]  CWE-836: Use of Password Hash Instead of Password for Authentication (CWE.836) 
        Password information should not be included in properties file in plaintext (CWE.836.PLAIN-2) 
     [2/2]  CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE.835) 
        Avoid infinite loops (CWE.835.AIL-2) 
        Declare "for" loops with an initializer, conditional, and updater statements (CWE.835.PCIF-3) 
     [1/1]  CWE-832: Unlock of a Resource that is not Locked (CWE.832) 
        Ensure that nested locks are ordered correctly (CWE.832.LORD-2) 
     [6/6]  CWE-833: Deadlock (CWE.833) 
        Do not cause deadlocks by calling a "synchronized" method from a "synchronized" method (CWE.833.CSFS-1) 
        Do not acquire locks in different order (CWE.833.ORDER-1) 
        Release Locks in a "finally" block (CWE.833.RLF-1) 
        Do not use blocking methods while holding a lock (CWE.833.TSHL-1) 
        Do not perform synchronization nor call semaphore methods on an Object's 'this' reference (CWE.833.STR-3) 
        Use 'wait()' and 'notifyAll()' instead of polling loops (CWE.833.UWNA-3) 
     [3/3]  CWE-269: Improper Privilege Management (CWE.269) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (CWE.269.DPANY-3) 
        Limit the number of "AccessController.doPrivileged" calls per class (CWE.269.LDP-4) 
        Limit the number of lines in "privileged" code blocks (CWE.269.PCL-4) 
     [1/1]  CWE-384: Session Fixation (CWE.384) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (CWE.384.ISL-1) 
     [1/1]  CWE-261: Weak Encoding for Password (CWE.261) 
        Avoid using cryptographic keys which are too short (CWE.261.CKTS-2) 
     [2/2]  CWE-382: J2EE Bad Practices: Use of System.exit() (CWE.382) 
        Do not stop the JVM in a web component (CWE.382.JVM-1) 
        Do not call methods which terminates Java Virtual Machine (CWE.382.EXIT-3) 
     [1/1]  CWE-383: J2EE Bad Practices: Direct Use of Threads (CWE.383) 
        Do not use threads in web components (CWE.383.THR-3) 
     [1/1]  CWE-260: Password in Configuration File (CWE.260) 
        Avoid using plain text passwords in Axis2 configuration files (CWE.260.UTAX-3) 
     [1/1]  CWE-99: Improper Control of Resource Identifiers ('Resource Injection') (CWE.99) 
        Protect against network resource injection (CWE.99.TDNET-2) 
     [4/4]  CWE-829: Inclusion of Functionality from Untrusted Control Sphere (CWE.829) 
        Protect against File contents injection (CWE.829.TDFILES-1) 
        Protect against File names injection (CWE.829.TDFNAMES-1) 
        Protect against Library injection (CWE.829.TDLIB-1) 
        Protect against XPath injection (CWE.829.TDXPATH-1) 
     [3/3]  CWE-94: Improper Control of Generation of Code ('Code Injection') (CWE.94) 
        Avoid untrusted input when logging messages with Seam Logging API (CWE.94.DCEMSL-1) 
        Validate potentially tainted data before it is used in methods that generate code (CWE.94.TDCODE-1) 
        Prevent the scripting API from executing untrusted code (CWE.94.ASAPI-3) 
     [1/1]  CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE.95) 
        Validate potentially tainted data before it is used in methods that generate code (CWE.95.TDCODE-1) 
     [2/2]  CWE-704: Incorrect Type Conversion or Cast (CWE.704) 
        Avoid conversions from parameterized types to raw types (CWE.704.AGBPT-3) 
        Do not convert a value to a String by concatenating the empty String (CWE.704.CPTS-3) 
     [1/1]  CWE-258: Empty Password in Configuration File (CWE.258) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.258.PWDPROP-1) 
     [10/10]  CWE-256: Plaintext Storage of a Password (CWE.256) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (CWE.256.PCCF-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.256.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.256.PWDXML-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (CWE.256.UPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (CWE.256.WCPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (CWE.256.WPWD-1) 
        Password information should not be included in properties file in plaintext (CWE.256.PLAIN-2) 
        Protect against using unprotected credentials (CWE.256.TDPASSWD-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (CWE.256.PTPT-3) 
        Avoid using plain text passwords in Axis2 configuration files (CWE.256.UTAX-3) 
     [1/1]  CWE-377: Insecure Temporary File (CWE.377) 
        Avoid temporary files (CWE.377.ATF-3) 
     [2/2]  CWE-499: Serializable Class Containing Sensitive Data (CWE.499) 
        Inspect instance fields of serializable objects to make sure they will not expose sensitive information (CWE.499.SIF-1) 
        Make your classes nonserializeable (CWE.499.SER-5) 
     [1/1]  CWE-375: Returning a Mutable Object to an Untrusted Caller (CWE.375) 
        Avoid methods that might expose internal representations by returning arrays or other mutable fields (CWE.375.RA-3) 
     [1/1]  CWE-496: Public Data Assigned to Private Array-Typed Field (CWE.496) 
        Always clone array parameters which are stored to fields (CWE.496.CAP-1) 
     [1/1]  CWE-134: Use of Externally-Controlled Format String (CWE.134) 
        Exclude unsanitized user input from format strings (CWE.134.TDINPUT-1) 
     [2/2]  CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE.497) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (CWE.497.PEO-1) 
        Prevent exposure of sensitive data (CWE.497.SENS-1) 
     [1/1]  CWE-131: Incorrect Calculation of Buffer Size (CWE.131) 
        Avoid accessing arrays out of bounds (CWE.131.ARRAY-2) 
     [2/2]  CWE-252: Unchecked Return Value (CWE.252) 
        Consistently check the returned value of non-void methods (CWE.252.CHECKRET-2) 
        Check the return value of methods which read or skip input (CWE.252.CRRV-3) 
     [1/1]  CWE-495: Private Data Structure Returned From A Public Method (CWE.495) 
        Avoid methods that might expose internal representations by returning arrays or other mutable fields (CWE.495.RA-3) 
     [2/2]  CWE-250: Execution with Unnecessary Privileges (CWE.250) 
        Limit the number of "AccessController.doPrivileged" calls per class (CWE.250.LDP-4) 
        Limit the number of lines in "privileged" code blocks (CWE.250.PCL-4) 
     [1/1]  CWE-492: Use of Inner Class Containing Sensitive Data (CWE.492) 
        Make all member classes "private" (CWE.492.INNER-3) 
     [1/1]  CWE-491: Public cloneable() Method Without Final ('Object Hijack') (CWE.491) 
        Make your 'clone()' method "final" for security (CWE.491.CLONE-4) 
     [1/1]  CWE-369: Divide By Zero (CWE.369) 
        Avoid division by zero (CWE.369.ZERO-1) 
     [1/1]  CWE-245: J2EE Bad Practices: Direct Management of Connections (CWE.245) 
        Avoid using native JDBC (CWE.245.JDBCTEMPLATE-3) 
     [1/1]  CWE-487: Reliance on Package-level Scope (CWE.487) 
        Avoid "public"/"protected"/package-private fields (CWE.487.AF-3) 
     [2/2]  CWE-125: Out-of-bounds Read (CWE.125) 
        Avoid unvalidated input in array indexes (CWE.125.ARRAYSEC-1) 
        Avoid accessing arrays out of bounds (CWE.125.ARRAY-2) 
     [3/3]  CWE-246: J2EE Bad Practices: Direct Use of Sockets (CWE.246) 
        Do not use sockets in EJBs (CWE.246.AUS-3) 
        Do not call 'Socket.setSocketImplFactory()' or 'URL.setURLStreamHandlerFactory()' in a web component (CWE.246.NSF-3) 
        Do not use sockets in web components (CWE.246.SS-3) 
     [1/1]  CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE.367) 
        Avoid Time-of-check Time-of-use (TOCTOU) Race Condition (CWE.367.TOCTOU-2) 
     [2/2]  CWE-486: Comparison of Classes by Name (CWE.486) 
        Do not compare Class objects by name (CWE.486.CMP-1) 
        Inspect usage of 'getName()' from 'java.lang.Class' object (CWE.486.AUG-5) 
     [2/2]  CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE.362) 
        Avoid unsafe implementations of the "double-checked locking" pattern (CWE.362.DCL-2) 
        Avoid Time-of-check Time-of-use (TOCTOU) Race Condition (CWE.362.TOCTOU-2) 
     [3/3]  CWE-483: Incorrect Block Delimitation (CWE.483) 
        Avoid erroneously placing statements outside blocks (CWE.483.EBI-2) 
        Provide a '{}' block for conditional statements (CWE.483.BLK-3) 
        Avoid control statements with empty bodies (CWE.483.EB-3) 
     [2/2]  CWE-484: Omitted Break Statement in Switch (CWE.484) 
        Avoid assigning same variable in the fall-through switch case (CWE.484.DAV-3) 
        Do not use a "switch" statement with a bad "case" (CWE.484.SBC-3) 
     [1/1]  CWE-481: Assigning instead of Comparing (CWE.481) 
        Avoid assignment within a condition (CWE.481.ASI-1) 
     [3/3]  CWE-807: Reliance on Untrusted Inputs in a Security Decision (CWE.807) 
        Avoid storing sensitive data in plaintext in a cookie (CWE.807.PLC-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (CWE.807.UOSC-1) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (CWE.807.HGRSI-4) 
     [1/1]  CWE-806: Buffer Access Using Size of Source Buffer (CWE.806) 
        Prevent external processes from blocking on output or error streams (CWE.806.BUSSB-3) 
     [3/3]  CWE-129: Improper Validation of Array Index (CWE.129) 
        Avoid unvalidated input in array indexes (CWE.129.ARRAYSEC-1) 
        Avoid accessing arrays out of bounds (CWE.129.ARRAY-2) 
        Always check parameters before use in array access (CWE.129.CAI-3) 
     [1/1]  CWE-478: Missing Default Case in Multiple Condition Expression (CWE.478) 
        Provide "default:" for each "switch" statement (CWE.478.PDS-3) 
     [1/1]  CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (CWE.113) 
        Protect against HTTP response splitting (CWE.113.TDRESP-1) 
     [2/2]  CWE-476: NULL Pointer Dereference (CWE.476) 
        Avoid NullPointerException (CWE.476.NP-1) 
        Do not check for null after dereferencing (CWE.476.DEREF-3) 
     [2/2]  CWE-114: Process Control (CWE.114) 
        Protect against Library injection (CWE.114.TDLIB-1) 
        Inspect usage of standard API calls that bypass security (CWE.114.APIBS-3) 
     [1/1]  CWE-477: Use of Obsolete Function (CWE.477) 
        Do not use deprecated APIs (CWE.477.DPRAPI-3) 
     [2/2]  CWE-111: Direct Use of Unsafe JNI (CWE.111) 
        Use wrapper methods to secure native methods (CWE.111.NATIW-3) 
        Do not use user-defined "native" methods (CWE.111.NATV-3) 
     [1/1]  CWE-595: Comparison of Object References Instead of Object Contents (CWE.595) 
        Do not use '==' or '!=' to compare objects (CWE.595.UEIC-2) 
     [8/8]  CWE-352: Cross-Site Request Forgery (CSRF) (CWE.352) 
        Protect against HTTP response splitting (CWE.352.TDRESP-1) 
        Protect against XSS vulnerabilities (CWE.352.TDXSS-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (CWE.352.UOSC-1) 
        Do not disable CSRF protection (CWE.352.DCSRFJAVA-2) 
        Do not disable CSRF protection (CWE.352.DCSRFXML-2) 
        Encapsulate arguments of dangerous methods with a validation method (CWE.352.EACM-2) 
        Ensure that methods annotated with @RequestMapping specify the HTTP request method they call (CWE.352.REQMAP-2) 
        Validate all dangerous data (CWE.352.VPPD-2) 
     [1/1]  CWE-594: J2EE Framework: Saving Unserializable Objects to Disk (CWE.594) 
        Ensure instance variables of @Stateful beans are Serializable (CWE.594.SIVS-2) 
     [2/2]  CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (CWE.470) 
        Protect against Reflection injection (CWE.470.TDRFL-1) 
        Inspect usage of standard API calls that bypass security (CWE.470.APIBS-3) 
     [1/1]  CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE.350) 
        Avoid DNS lookups for decision making (CWE.350.DNSL-1) 
     [1/1]  CWE-918: Server-Side Request Forgery (SSRF) (CWE.918) 
        Protect against network resource injection (CWE.918.TDNET-2) 
     [5/5]  CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE.119) 
        Avoid unvalidated input in array indexes (CWE.119.ARRAYSEC-1) 
        Do not use resources that have been freed (CWE.119.FREE-1) 
        Avoid accessing arrays out of bounds (CWE.119.ARRAY-2) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CWE.119.BSA-2) 
        Prevent external processes from blocking on output or error streams (CWE.119.BUSSB-3) 
     [1/1]  CWE-117: Improper Output Neutralization for Logs (CWE.117) 
        Protect against log forging (CWE.117.TDLOG-2) 
     [1/1]  CWE-359: Exposure of Private Personal Information to an Unauthorized Actor (CWE.359) 
        Do not log confidential or sensitive information (CWE.359.CONSEN-1) 
     [1/1]  CWE-104: Struts: Form Bean Does Not Extend Validation Class (CWE.104) 
        Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm' (CWE.104.AEAF-1) 
     [1/1]  CWE-346: Origin Validation Error (CWE.346) 
        Restrict cross-origin resource sharing to secure origins (CWE.346.JXCORS-4) 
     [1/1]  CWE-347: Improper Verification of Cryptographic Signature (CWE.347) 
        Always verify JarFile signatures (CWE.347.VJFS-1) 
     [1/1]  CWE-102: Struts: Duplicate Validation Forms (CWE.102) 
        Avoid duplicated forms in the 'validation.xml' (CWE.102.DFV-1) 
     [1/1]  CWE-586: Explicit Call to Finalize() (CWE.586) 
        Do not call 'finalize()' explicitly (CWE.586.NCF-1) 
     [1/1]  CWE-103: Struts: Incomplete validate() Method Definition (CWE.103) 
        Always call 'super.validate()' from validation methods in 'ActionForm' classes (CWE.103.CSVFV-1) 
     [1/1]  CWE-584: Return Inside Finally Block (CWE.584) 
        Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block (CWE.584.ARCF-1) 
     [1/1]  CWE-585: Empty Synchronized Block (CWE.585) 
        Avoid empty "synchronized" statements (CWE.585.SNE-3) 
     [2/2]  CWE-582: Array Declared Public, Final, and Static (CWE.582) 
        Ensure "static" "final" fields are immutable (CWE.582.IMM-3) 
        Avoid using "public static final" array fields (CWE.582.PSFA-3) 
     [1/1]  CWE-583: finalize() Method Declared Public (CWE.583) 
        Give "finalize()" methods "protected" access (CWE.583.MFP-3) 
     [1/1]  CWE-580: clone() Method Without super.clone() (CWE.580) 
        Call 'super.clone()' in all 'clone()' methods (CWE.580.SCLONE-1) 
     [1/1]  CWE-581: Object Model Violation: Just One of Equals and Hashcode Defined (CWE.581) 
        Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa (CWE.581.OVERRIDE-1) 
     [1/1]  CWE-109: Struts: Validator Turned Off (CWE.109) 
        Ensure validators are enabled in the 'struts-config.xml' (CWE.109.EV-3) 
     [1/1]  CWE-106: Struts: Plug-in Framework not in Use (CWE.106) 
        Ensure Plugins are added in the 'struts-config.xml' (CWE.106.PLUGIN-1) 
     [2/2]  CWE-59: Improper Link Resolution Before File Access ('Link Following') (CWE.59) 
        Validate shortcut target paths before use (CWE.59.LNK-4) 
        Ensure that file target paths retrieved by resolving symbolic links are safe (CWE.59.FOLLOW-5) 
     [1/1]  CWE-456: Missing Initialization of a Variable (CWE.456) 
        Initialize all local variables explicitly at the declaration statement (CWE.456.LV-3) 
     [1/1]  CWE-577: EJB Bad Practices: Use of Sockets (CWE.577) 
        Do not use sockets in EJBs (CWE.577.AUS-3) 
     [1/1]  CWE-215: Insertion of Sensitive Information Into Debugging Code (CWE.215) 
        Avoid debug information from Spring Security framework to logs (CWE.215.EWSSEC-1) 
     [1/1]  CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG) (CWE.336) 
        Ensure arguments passed to certain methods come from predefined methods list (CWE.336.ENPP-2) 
     [4/4]  CWE-457: Use of Uninitialized Variable (CWE.457) 
        Avoid use before explicit initialization (CWE.457.NOTEXPLINIT-1) 
        Avoid use of fields before initialization in constructors and static initializers (CWE.457.NOTINITCTOR-1) 
        Avoid NullPointerException (CWE.457.NP-1) 
        Avoid uninitialized reads of fields before or during constructor execution (CWE.457.UIRC-1) 
     [1/1]  CWE-578: EJB Bad Practices: Use of Class Loader (CWE.578) 
        Do not access, use, or create a class loader within a bean class (CWE.578.ACL-2) 
     [1/1]  CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer (CWE.212) 
        Avoid declaring "transient" fields in non-serializable classes (CWE.212.FT-3) 
     [1/1]  CWE-213: Exposure of Sensitive Information Due to Incompatible Policies (CWE.213) 
        Do not log confidential or sensitive information (CWE.213.CONSEN-1) 
     [1/1]  CWE-576: EJB Bad Practices: Use of Java I/O (CWE.576) 
        Do not use types from the "java.io" package within bean classes (CWE.576.JIO-2) 
     [2/2]  CWE-571: Expression is Always True (CWE.571) 
        Avoid conditions that always evaluate to the same value (CWE.571.CC-2) 
        Avoid unnecessary 'if' statements (CWE.571.UCIF-3) 
     [1/1]  CWE-572: Call to Thread run() instead of start() (CWE.572) 
        Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable' (CWE.572.IRUN-1) 
     [2/2]  CWE-570: Expression is Always False (CWE.570) 
        Avoid conditions that always evaluate to the same value (CWE.570.CC-2) 
        Avoid unnecessary 'if' statements (CWE.570.UCIF-3) 
     [1/1]  CWE-691: Insufficient Control Flow Management (CWE.691) 
        Avoid using negative logic in if-else statement (CWE.691.ANL-4) 
     [1/1]  CWE-64: Windows Shortcut Following (.LNK) (CWE.64) 
        Validate shortcut target paths before use (CWE.64.LNK-4) 
     [1/1]  CWE-61: UNIX Symbolic Link (Symlink) Following (CWE.61) 
        Ensure that file target paths retrieved by resolving symbolic links are safe (CWE.61.FOLLOW-5) 
     [1/1]  CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) (CWE.337) 
        Ensure arguments passed to certain methods come from predefined methods list (CWE.337.ENPP-2) 
     [2/2]  CWE-579: J2EE Bad Practices: Non-serializable Object Stored in Session (CWE.579) 
        Ensure method arguments are serializable (CWE.579.ONS-1) 
        Do not store non-serializable objects as HttpSession attributes (CWE.579.SNSO-1) 
     [1/1]  CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE.338) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (CWE.338.SRD-1) 
     [1/1]  CWE-459: Incomplete Cleanup (CWE.459) 
        Ensure resources are deallocated (CWE.459.LEAKS-1) 
     [2/2]  CWE-325: Missing Cryptographic Step (CWE.325) 
        MessageDigest objects must process the data with the 'update' method (CWE.325.MCMDU-1) 
        Initialize KeyGenerator instances (CWE.325.SIKG-1) 
     [7/7]  CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (CWE.200) 
        Do not log confidential or sensitive information (CWE.200.CONSEN-1) 
        Avoid debug information from Spring Security framework to logs (CWE.200.EWSSEC-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (CWE.200.PEO-1) 
        Prevent exposure of sensitive data (CWE.200.SENS-1) 
        Avoid passing sensitive data to functions that write to log files (CWE.200.SENSLOG-2) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (CWE.200.ACPST-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (CWE.200.SIO-3) 
     [1/1]  CWE-321: Use of Hard-coded Cryptographic Key (CWE.321) 
        Avoid using hard-coded cryptographic keys (CWE.321.HCCK-1) 
     [6/6]  CWE-563: Assignment to Variable without Use (CWE.563) 
        Avoid overwriting method parameters before each use (CWE.563.POVR-1) 
        Avoid local variables that are never read (CWE.563.AURV-3) 
        Avoid unused "private" fields (CWE.563.PF-3) 
        Avoid unused parameters (CWE.563.UP-3) 
        Avoid unused values (CWE.563.VOVR-3) 
        Avoid globally unused "public/protected" fields (CWE.563.UPPF-4) 
     [2/2]  CWE-681: Incorrect Conversion between Numeric Types (CWE.681) 
        Do not assign the result of an integer division to a floating point variable (CWE.681.IDCD-1) 
        Do not cast primitive data types to lower precision (CWE.681.CLP-2) 
     [4/4]  CWE-561: Dead Code (CWE.561) 
        Avoid conditions that always evaluate to the same value (CWE.561.CC-2) 
        Do not check for null after dereferencing (CWE.561.DEREF-3) 
        Avoid unused "private" methods (CWE.561.PM-3) 
        Avoid switch with unreachable branches (CWE.561.SWITCH-3) 
     [1/1]  CWE-680: Integer Overflow to Buffer Overflow (CWE.680) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (CWE.680.BSA-2) 
     [3/3]  CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE.80) 
        Process XML and HTML with a library instead of raw text (CWE.80.ARXML-1) 
        Protect against Jakarta Digester injection (CWE.80.TDDIG-1) 
        Protect against XML data injection (CWE.80.TDXML-1) 
     [1/1]  CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE.77) 
        Protect against Command injection (CWE.77.TDCMD-1) 
     [4/4]  CWE-209: Generation of Error Message Containing Sensitive Information (CWE.209) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (CWE.209.PEO-1) 
        Prevent exposure of sensitive data (CWE.209.SENS-1) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (CWE.209.ACPST-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (CWE.209.SIO-3) 
     [6/6]  CWE-328: Use of Weak Hash (CWE.328) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (CWE.328.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (CWE.328.AISSAXML-1) 
        Avoid using insecure algorithms for cryptography (CWE.328.ICA-1) 
        Use hash functions with a salt (CWE.328.MDSALT-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (CWE.328.SRD-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (CWE.328.AUNC-2) 
     [1/1]  CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE.78) 
        Protect against Command injection (CWE.78.TDCMD-1) 
     [2/2]  CWE-329: Generation of Predictable IV with CBC Mode (CWE.329) 
        Ensure arguments passed to certain methods come from predefined methods list (CWE.329.ENPP-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (CWE.329.IVR-2) 
     [7/7]  CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE.79) 
        Process XML and HTML with a library instead of raw text (CWE.79.ARXML-1) 
        Protect against Jakarta Digester injection (CWE.79.TDDIG-1) 
        Protect against HTTP response splitting (CWE.79.TDRESP-1) 
        Protect against XML data injection (CWE.79.TDXML-1) 
        Protect against XSS vulnerabilities (CWE.79.TDXSS-1) 
        Encapsulate arguments of dangerous methods with a validation method (CWE.79.EACM-2) 
        Validate all dangerous data (CWE.79.VPPD-2) 
     [1/1]  CWE-568: finalize() Method Without super.finalize() (CWE.568) 
        Call 'super.finalize()' from 'finalize()' (CWE.568.FCF-3) 
     [1/1]  CWE-327: Use of a Broken or Risky Cryptographic Algorithm (CWE.327) 
        Avoid using custom MessageDigest implementations (CWE.327.ACMD-4) 
     [1/1]  CWE-313: Cleartext Storage in a File or on Disk (CWE.313) 
        Password information should not be included in properties file in plaintext (CWE.313.PLAIN-2) 
     [1/1]  CWE-434: Unrestricted Upload of File with Dangerous Type (CWE.434) 
        Protect against File names injection (CWE.434.TDFNAMES-1) 
     [1/1]  CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File (CWE.555) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.555.PWDXML-1) 
     [1/1]  CWE-676: Use of Potentially Dangerous Function (CWE.676) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (CWE.676.SRD-1) 
     [2/2]  CWE-798: Use of Hard-coded Credentials (CWE.798) 
        Avoid using hard-coded cryptographic keys (CWE.798.HCCK-1) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (CWE.798.HCCS-1) 
     [2/2]  CWE-311: Missing Encryption of Sensitive Data (CWE.311) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.311.PWDXML-1) 
        Prevent exposure of sensitive data (CWE.311.SENS-1) 
     [1/1]  CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length (CWE.6) 
        Ensure Session-ID Length is sufficient (CWE.6.SLID-3) 
     [1/1]  CWE-674: Uncontrolled Recursion (CWE.674) 
        Avoid infinite recursive method calls (CWE.674.FLRC-1) 
     [1/3]  CWE-312: Cleartext Storage of Sensitive Information (CWE.312) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (CWE.312.PWDPROP-1) 
     [1/1]  CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE.90) 
        Protect against LDAP injection (CWE.90.TDLDAP-1) 
     [1/1]  CWE-91: XML Injection (aka Blind XPath Injection) (CWE.91) 
        Protect against XML data injection (CWE.91.TDXML-1) 
     [1/1]  CWE-81: Improper Neutralization of Script in an Error Message Web Page (CWE.81) 
        Process XML and HTML with a library instead of raw text (CWE.81.ARXML-1) 
     [1/1]  CWE-83: Improper Neutralization of Script in Attributes in a Web Page (CWE.83) 
        Process XML and HTML with a library instead of raw text (CWE.83.ARXML-1) 
     [2/3]  CWE-319: Cleartext Transmission of Sensitive Information (CWE.319) 
        Use the SSL-enabled version of classes when possible (CWE.319.USC-3) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (CWE.319.HTTPS-5) 
     [1/1]  CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote (CWE.8) 
        Do not declare entity beans as remote (CWE.8.RR-3) 
     [2/2]  CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE.89) 
        Protect against SQL injection (CWE.89.TDSQL-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (CWE.89.UPS-1) 
     [1/1]  CWE-7: J2EE Misconfiguration: Missing Custom Error Page (CWE.7) 
        Always specify error pages in web.xml (CWE.7.SEP-3) 
     [1/1]  CWE-315: Cleartext Storage of Sensitive Information in a Cookie (CWE.315) 
        Avoid storing sensitive data in plaintext in a cookie (CWE.315.PLC-1) 
     [1/1]  CWE-9: J2EE Misconfiguration: Weak Access Permissions for EJB Methods (CWE.9) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (CWE.9.DPANY-3) 
 [18/18]  Design by Contract (DBC) 
    Do not include a postcondition saying that "$result!=null" in methods which can return null (DBC.CPT-3) 
    Provide an '@invariant' contract for all getter methods (DBC.IGM-3) 
    Do not invoke a method on a reference that is not guaranteed to be non-null (DBC.IMNR-3) 
    Include a '@pre != null' tag for each parameter that is dereferenced before being checked for null (DBC.IPAN-3) 
    Provide an '@invariant' contract for all package-private classes (DBC.PKGC-3) 
    Provide a '@post' contract for all package-private methods (DBC.PKGMPOST-3) 
    Provide a '@pre' contract for all package-private methods (DBC.PKGMPRE-3) 
    Provide an '@invariant' contract for all "protected" classes (DBC.PROC-3) 
    Provide a '@post' contract for all "protected" methods (DBC.PROMPOST-3) 
    Provide a '@pre' contract for all "protected" methods (DBC.PROMPRE-3) 
    Provide an '@invariant' contract for all "public" classes (DBC.PUBC-3) 
    Provide a '@post' contract for all "public" methods (DBC.PUBMPOST-3) 
    Provide a '@pre' contract for all "public" methods (DBC.PUBMPRE-3) 
    Avoid rechecking @pre and @post conditions (DBC.RCC-3) 
    Use correct syntax in the DbC contracts (DBC.SYNTAX-3) 
    Provide an '@invariant' contract for all "private" classes (DBC.PRIC-5) 
    Provide a '@post' contract for all "private" methods (DBC.PRIMPOST-5) 
    Provide a '@pre' contract for all "private" methods (DBC.PRIMPRE-5) 
 [3/3]  Eclipse Development (ECLIPSE) 
    Ensure "Export-Package" and "Provide-Package" match in MANIFEST.MF for Eclipse 3.0 compatibility (ECLIPSE.PCMF-2) 
    Avoid exporting "internal" packages in MANIFEST.MF (ECLIPSE.IPMF-3) 
    Avoid missing "Eclipse-AutoStart" entry in MANIFEST.MF (ECLIPSE.SMF-3) 
 [62/62]  Enterprise JavaBeans (EJB) 
     [19/19]  Enterprise JavaBeans 3 (EJB.EJB3) 
        Do not expose @AroundInvoke method in business interface (EJB.EJB3.EAII-1) 
        Avoid EJB 3 methods without security annotations (EJB.EJB3.PERMIT-1) 
        Call 'InvocationContext.proceed()' from @AroundInvoke methods (EJB.EJB3.CPIM-2) 
        Avoid improper use of @Id annotation (EJB.EJB3.IDA-2) 
        Do not inject @Stateful beans into @Stateless beans (EJB.EJB3.ISB-2) 
        Ensure instance variables of @Stateful beans are Serializable (EJB.EJB3.SIVS-2) 
        Avoid IllegalStateException when using transactions (EJB.EJB3.AISE-3) 
        Do not start business method names with "ejb" (EJB.EJB3.BMN-3) 
        Improper signature of the annotated method in EJB bean (EJB.EJB3.CMF-3) 
        Ensure @IdClass is Serializable and defines "equals()" and "hashCode()" methods (EJB.EJB3.IDCS-3) 
        Do not extend other @MessageDriven beans from a @MessageDriven bean (EJB.EJB3.MDBS-3) 
        Ensure @MessageDriven beans specify a MessageListener (EJB.EJB3.MDML-3) 
        Do not declare multiple "@Timeout" methods (EJB.EJB3.MTM-3) 
        Specify a @Remove method for @Stateful beans (EJB.EJB3.RMSB-3) 
        Ensure parameters and return type of remote business methods are Serializable (EJB.EJB3.SRBM-3) 
        Avoid ignored or invalid annotations (EJB.EJB3.AIA-4) 
        Do not declare an interface both @Local and @Remote (EJB.EJB3.RLI-4) 
        Always specify "unitName" with @PersistenceContext (EJB.EJB3.PCUN-5) 
        Access beans through a local interface (EJB.EJB3.ULI-5) 
    Declare bean classes "public" (EJB.CDP-1) 
    Do not declare bean classes as "abstract" (EJB.CNDA-1) 
    Do not declare bean classes as "final" (EJB.CNDF-1) 
    Declare 'ejbCreate()' methods "public", but neither "static" nor "final" (EJB.CRTE-1) 
    Implement a no-argument 'ejbCreate()' method for all Message-driven bean classes (EJB.MDBC-1) 
    Do not define 'finalize()' method in bean classes (EJB.MNDF-1) 
    Declare a "public" constructor that takes no parameters in bean classes (EJB.NFDC-1) 
    Declare 'ejbPostCreate()' "public" and neither "static" nor "final" (EJB.PCRTE-1) 
    Make the return type "void" for SessionBeans or MessageDrivenBeans' 'ejbCreate()' methods (EJB.RTC-1) 
    Make the return type "void" for the 'ejbPostCreate()' method (EJB.RTP-1) 
    Avoid passing the "this" reference as an argument (EJB.THISARG-1) 
    Do not return "this" (EJB.THISRET-1) 
    Do not access, use, or create a class loader within a bean class (EJB.ACL-2) 
    Do not use EJB code in java swing or servlet classes (EJB.ADCB-2) 
    Do not access or modify security configuration objects (EJB.AMSC-2) 
    Do not use types from the "java.io" package within bean classes (EJB.JIO-2) 
    Declare all "static" fields in EJB bean classes "final" (EJB.NFS-2) 
    The return type of EJB finder methods should be the primary key or a collection of primary keys (EJB.RT-2) 
    Do not set or create a new SecurityManager in EJBs (EJB.SMSN-2) 
    Ensure EJB beans include necessary methods and EJB bean and interface classes follow the name format (EJB.STD-2) 
    Avoid starting, stopping, or managing threads in any way in bean classes (EJB.THREAD-2) 
    Do not use Servlet code in EJB classes (EJB.ABCS-3) 
    Do not use Entity Beans as fine-grained objects (EJB.ABFG-3) 
    Avoid excessive inter-entity bean communication (EJB.AIEBC-3) 
    Do not use JDBC code inside of EJB classes (EJB.AJDBC-3) 
    Do not use sockets in EJBs (EJB.AUS-3) 
    Avoid granting access permission for EJB methods to the 'ANYONE' role (EJB.DPANY-3) 
    Do not call finder methods in the 'ejbLoad()' (EJB.EJBLOAD-3) 
    Declare finder methods "public" and neither "final" nor "static" (EJB.FNDM-3) 
    Implement one or more 'ejbCreate()' methods in bean classes (EJB.IECM-3) 
    Implement one or more 'ejbPostCreate()' methods in EntityBean classes (EJB.IEPM-3) 
    Avoid loading native libraries in a Bean class (EJB.LNL-3) 
    Define a matching 'ejbPostCreate()' method for each 'ejbCreate' method in entity bean classes (EJB.MEC-3) 
    Throw 'java.rmi.RemoteException' in the methods of remote interface and remote home interface (EJB.MRE-3) 
    Do not throw 'java.rmi.RemoteException' in a bean's local interface and local home interface (EJB.RILH-3) 
    Do not declare entity beans as remote (EJB.RR-3) 
    Throw 'javax.ejb.CreateException' in create methods of remote home or local home interfaces (EJB.TCE-3) 
    Throw 'javax.ejb.FinderException' in finder methods of remote home or local home interfaces (EJB.TFE-3) 
    Cache reusable JNDI resources to minimize the use of expensive operations (EJB.UCIC-3) 
    Use a Session Facade to manage access to entity beans (EJB.USF-3) 
    Avoid one-to-one mapping between session beans and entity beans (EJB.AOTO-4) 
    Reuse EJB homes (EJB.RUH-4) 
    Use Value Objects to reduce the granularity of calls to the server (EJB.UVO-4) 
 [19/19]  Exceptions (EXCEPT) 
    Do not throw exceptions from the constructors of exception classes (EXCEPT.TEFEC-1) 
    Catch all "Throwable" objects which may be thrown in the body of certain methods (EXCEPT.CATO-2) 
    Do not abuse exceptions as flow control statements (EXCEPT.AEFC-3) 
    Do not use instanceof in a catch block to check the exception type (EXCEPT.AIOC-3) 
    Avoid catch clauses with the same content (EXCEPT.CDUPL-3) 
    Avoid using finally block for closing resource only (EXCEPT.CLFIN-3) 
    Always chain thrown exceptions (EXCEPT.CTE-3) 
    Do not throw exceptions from constructors of "public" non-"final" classes (EXCEPT.EPNFC-3) 
    Do not hide 'catch' blocks (EXCEPT.HCB-3) 
    Declare all fields of user-defined 'Exception' as "final" (EXCEPT.IMMEX-3) 
    Do not declare any thrown exceptions in the 'main()' method (EXCEPT.MTE-3) 
    Do not catch the 'java.lang.Error' object (EXCEPT.NCERR-3) 
    Do not catch 'NullPointerException' (EXCEPT.NCNPE-3) 
    Ensure that the 'parse' methods of the numeric classes do not throw unhandled "NumberFormatExceptions" (EXCEPT.NFE-3) 
    Do not throw exception types which are too general or are unchecked exceptions (EXCEPT.NTERR-3) 
    Do not throw 'NullPointerException' (EXCEPT.NTNPE-3) 
    Rethrow certain exceptions if they are caught (EXCEPT.RTERR-3) 
    Place "try/catch/finally" blocks outside of loops (EXCEPT.TRY-3) 
    Exception messages must meet minimum character requirement (EXCEPT.TSCE-3) 
 [37/37]  Formatting (FORMAT) 
    Include a meaningful file header comment in every source file (FORMAT.MCH-2) 
    Use '()' to separate complex expressions (FORMAT.APAREN-3) 
    Ensure proper spacing in array references (FORMAT.ASPACE-3) 
    Do not place empty whitespace at the end of a line (FORMAT.ATS-3) 
    Put a blank line before each C-style comment (FORMAT.BLBC-3) 
    Enforce number of blank line(s) before type declarations (FORMAT.BLCD-3) 
    Enforce number of blank line(s) to separate "imports" from different packages (FORMAT.BLSIM-3) 
    Place a closing brace on its own line (FORMAT.CBRACE-3) 
    Place a single space character or no space character after type casting (FORMAT.CMS-3) 
    Do not leave spaces between qualified names and method invocations (FORMAT.DOT-3) 
    Use spaces instead of tabs (or tabs instead of spaces) (FORMAT.DUT-3) 
    Enforce the position of '{' brace (FORMAT.FCB-3) 
    Place the type that has the same name as the file as the first type (FORMAT.FCN-3) 
    Declare arrays with '[]' brackets after the array type and before the variable name(s) (FORMAT.IAD-3) 
    Enforce number of space(s) for indentation (FORMAT.IND-3) 
    Limit the maximum length of a line (FORMAT.LL-3) 
    Enforce the order of annotations and modifiers (FORMAT.MO-3) 
    Place a single space character or no space character between a method name and the opening "(" parenthesis (FORMAT.MSP-3) 
    Do not place statements on the same line as the '{' opening brace (FORMAT.NSAB-3) 
    Write one statement per line (FORMAT.OSPL-3) 
    Enforce number of space character(s) after every comma (FORMAT.SAC-3) 
    Enforce number of space character(s) on each side of an assignment operator (FORMAT.SAOP-3) 
    Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement (FORMAT.SAP-3) 
    Enforce number of space character(s) after every semicolon (FORMAT.SAS-3) 
    Enforce number of space character(s) between a prefixed unary operator and its operand (FORMAT.SAUOP-3) 
    Enforce number of space character(s) on each side of a bitwise operator (FORMAT.SBOP-3) 
    Enforce number of space character(s) between a postfixed unary operator and its operand (FORMAT.SBUOP-3) 
    Enforce number of space character(s) between a conditional statement and the opening "(" parenthesis (FORMAT.SC-3) 
    Enforce number of space character(s) before and after the "?" conditional operator (FORMAT.SCOP-3) 
    Enforce number of space character(s) on each side of a logical operator (FORMAT.SLOP-3) 
    Enforce number of space character(s) on each side of a relational operator (FORMAT.SROP-3) 
    Avoid using trailing comments (FORMAT.TC-3) 
    Avoid or enforce the use of trailing commas in array initializers (FORMAT.TCOMMA-3) 
    Use the preferred formatting for conditional expressions (FORMAT.TE-3) 
    Make sure all files are terminated with a newline character (FORMAT.TNL-3) 
    Enforce number of blank line(s) between major sections (FORMAT.U2BL-3) 
    Avoid unnecessary parentheses (FORMAT.UP-3) 
 [12/12]  Garbage Collection (GC) 
    Do not use 'finalize()' methods to unregister listeners (GC.FM-1) 
    Do not call 'finalize()' explicitly (GC.NCF-1) 
    Be cautious when calling methods which may cause memory leaks (GC.MML-2) 
    Prevent potential memory leaks in ObjectOutputStreams by calling 'reset()' (GC.OSTM-2) 
    Do not use unnecessary temporaries when converting primitive types to String (GC.AUTP-3) 
    Avoid using 'Date[]', use 'long[]' instead (GC.DUD-3) 
    Call 'super.finalize()' from 'finalize()' (GC.FCF-3) 
    Do not explicitly call 'System.gc()' or 'Runtime.gc()' (GC.GC-3) 
    Reuse calls to 'getClipBounds()' (GC.GCB-3) 
    Call 'super.finalize()' in the "finally" block of 'finalize()' methods (GC.IFF-3) 
    Reuse immutable constant objects to conserve memory (GC.RCO-3) 
    Avoid "static" collections or maps; they can grow without bounds (GC.STV-3) 
 [23/23]  Global Static Analysis (GLOBAL) 
    Avoid unused "throws" clauses (GLOBAL.AUT-2) 
    Declare package-private fields as inaccessible as possible (GLOBAL.DPAF-2) 
    Declare package-private methods as inaccessible as possible (GLOBAL.DPAM-2) 
    Declare a package-private "class" "final" if it is not subclassed (GLOBAL.SPAC-2) 
    Declare a package-private method "final" if it is not overridden (GLOBAL.SPAM-2) 
    Ensure correct constructor declarations in utility classes (GLOBAL.UCC-2) 
    Avoid globally unused package-private types (GLOBAL.UPAC-2) 
    Avoid globally unused package-private fields (GLOBAL.UPAF-2) 
    Avoid globally unused package-private methods (GLOBAL.UPAM-2) 
    Make methods "static" if they do not use instance class members (GLOBAL.ASI-3) 
    Declare non-private fields "final" if they are read-only (GLOBAL.SF-3) 
    Ensure that files do not contain cyclical dependencies (GLOBAL.ACD-4) 
    Declare "package-private" types as inaccessible as possible (GLOBAL.DPAC-4) 
    Declare "public/protected" types as inaccessible as possible (GLOBAL.DPPC-4) 
    Declare "public/protected" fields as inaccessible as possible (GLOBAL.DPPF-4) 
    Declare "public/protected" methods as inaccessible as possible (GLOBAL.DPPM-4) 
    Avoid interfaces which are never implemented and "abstract" classes which are never extended (GLOBAL.NIE-4) 
    Avoid globally unused enum constants (GLOBAL.UEC-4) 
    Avoid globally unused "public/protected" types (GLOBAL.UPPC-4) 
    Avoid globally unused "public/protected" fields (GLOBAL.UPPF-4) 
    Avoid globally unused "public/protected" methods (GLOBAL.UPPM-4) 
    Declare a "public/protected" "class" "final" if it is not subclassed (GLOBAL.SPPC-5) 
    Declare a "public/protected" method "final" if it is not overridden (GLOBAL.SPPM-5) 
 [13/13]  Hibernate Framework (HIBERNATE) 
    Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files (HIBERNATE.LHII-1) 
    Call 'setLockMode()' before executing a Hibernate Query (HIBERNATE.SLM-1) 
    Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (HIBERNATE.UPWD-1) 
    Roll back any active transactions in 'catch' blocks (HIBERNATE.RBT-2) 
    Call 'addClass()' instead of 'addResource()' to add a mapping to a 'Configuration' (HIBERNATE.CAR-3) 
    Close Hibernate Sessions in "finally" blocks (HIBERNATE.CHS-3) 
    Close all 'SessionFactory' objects (HIBERNATE.CSF-3) 
    Include getter and setter methods and an id field for any object mapped to a column in a database table (HIBERNATE.GSIM-3) 
    Declare a no-argument constructor for Hibernate persistent classes (HIBERNATE.IDC-3) 
    Override the 'equals' and 'hashCode' methods for mapped Hibernate objects (HIBERNATE.OHCE-3) 
    Declare the setter method for the Hibernate identifier 'private' (HIBERNATE.PIDS-3) 
    Use mapped, named HQL queries instead of writing queries in Java code (HIBERNATE.UGNQ-3) 
    Use named parameters in HQL queries (HIBERNATE.UNP-3) 
 [14/14]  Initialization (INIT) 
    Avoid uninitialized reads of fields before or during constructor execution (INIT.UIRC-1) 
    Do not use a "static" initializer that creates an instance of the current class before all "static final" fields are assigned (INIT.SICUI-2) 
    Avoid explicitly initializing fields which have already been initialized by a superclass' constructor (INIT.ADI-3) 
    Ensure that the "if" check for lazy initialization uses the correct operator (INIT.AULI-3) 
    Use diamond to invoke the constructor of a generic class (INIT.DIA-3) 
    Do not use initialization circularities for fields (INIT.IC-3) 
    Initialize all local variables explicitly at the declaration statement (INIT.LV-3) 
    Do not use non-final "static" fields during the initialization (INIT.NFS-3) 
    Use explicit initializations/Do not initialize "static" fields to default values (INIT.SF-3) 
    Do not initialize "static" "final" variables with non "final" "static" variables (INIT.SFA-3) 
    Do not use array initializers (INIT.AAI-4) 
    Do not put code other than initialization code in lazy initialization blocks (INIT.CLIB-4) 
    Explicitly initialize all fields (INIT.CSI-4) 
    Avoid double initialization of fields (INIT.DI-4) 
 [17/17]  Internationalization (INTER) 
    Use the optional java.util.Locale parameter (INTER.CCL-3) 
    Do not use single characters with logic operators in an Internationalized environment (INTER.CLO-3) 
    Do not call 'Character.toLowerCase(char)' or 'Character.toUpperCase(char)' in an internationalized environment (INTER.CTLC-3) 
    Isolate translatable text in resource bundles in an Internationalized environment (INTER.ITT-3) 
    Provide a 'Locale' argument when instantiating 'SimpleDateFormat' objects (INTER.SDFL-3) 
    Avoid calling methods and constructors which do not allow you to specify a character encoding option (INTER.SEO-3) 
    Avoid unnecessary "$NON-NLS" and "NOI18N" comments (INTER.UNLS-3) 
    Do not call 'toString()' or 'String.valueOf()' on Date objects in an Internationalized environment (INTER.DTS-4) 
    Use "static final" constants for single character literals in an Internationalized environment (INTER.NCL-4) 
    Do not call 'toString()' or 'String.valueOf()' on numeric values in an Internationalized environment (INTER.NTS-4) 
    Do not call the 'parse' methods of the 'Number' types in an Internationalized environment (INTER.PN-4) 
    Do not call 'toString()' or 'String.valueOf()' on Time objects in an Internationalized environment (INTER.TTS-4) 
    Do not use String concatenation in an Internationalized environment (INTER.COS-5) 
    Do not call 'String.compareTo()' in an Internationalized environment (INTER.SCT-5) 
    Do not call 'String.equals()' in an Internationalized environment (INTER.SE-5) 
    Do not call 'String.indexOf()' or 'String.lastIndexOf()' in an Internationalized environment (INTER.SIO-5) 
    Do not use 'StringTokenizer' in an Internationalized environment (INTER.ST-5) 
 [25/25]  Javadoc Comments (JAVADOC) 
    Always include a description of whether or not a method can return null in the Javadoc (JAVADOC.CRN-3) 
    Avoid unused Javadoc tags (JAVADOC.DPMT-3) 
    Enforce custom Javadoc tags for methods/annotation member types (JAVADOC.ECTM-3) 
    Enforce custom Javadoc tags for types (JAVADOC.ECTT-3) 
    Do not insert non-Javadoc comments between Javadoc comments and declarations (JAVADOC.JNJD-3) 
    Include a meaningful description in Javadoc tags (JAVADOC.MDJT-3) 
    Avoid misformatted Javadoc tags (JAVADOC.MISFORMAT-3) 
    Use the '@return' Javadoc tag in method Javadoc comments (JAVADOC.MRDC-3) 
    Use the '@version' tag in type Javadoc comments (JAVADOC.MVJDT-3) 
    Order Javadoc tags appropriately (JAVADOC.ORDER-3) 
    Use the '@param' Javadoc tag for each parameter of methods (JAVADOC.PARAM-3) 
    Provide Javadoc comments and descriptions for types (JAVADOC.PJDC-3) 
    Provide Javadoc comments and descriptions for fields (JAVADOC.PJDF-3) 
    Provide Javadoc comments and descriptions for methods (JAVADOC.PJDM-3) 
    Enforce restraint on number of lines used for Javadoc comments (JAVADOC.SINGLE-3) 
    Use the '@concurrency' Javadoc tag on "synchronized" methods and blocks (JAVADOC.SMJT-3) 
    Avoid misspelling words in Javadoc comments and string literals (JAVADOC.SPELL-3) 
    Specify 'RUNTIME' as the retention policy when using the '@Documented' annotation (JAVADOC.SRRP-3) 
    Use the '@throws' or '@exception' Javadoc tag in methods (JAVADOC.THROW-3) 
    Provide a Javadoc comment for 'toString()' methods (JAVADOC.TSMJT-3) 
    Ensure that certain Javadoc tags only span one line (JAVADOC.TSOL-3) 
    Avoid using the '@return' Javadoc tag on "void" methods (JAVADOC.VMCR-3) 
    Avoid unsupported '@' tags and other tags that should not be used in Javadoc comments (JAVADOC.BT-4) 
    Enforce custom Javadoc tags for fields (JAVADOC.ECTF-4) 
    Use the '@author' Javadoc tag in declaration Javadoc comments (JAVADOC.MAJDT-4) 
 [10/10]  Java Database Connectivity (JDBC) 
    Ensure index is valid in JDBC method invocation (JDBC.BRSA-1) 
    Close JDBC connections in "finally" blocks (JDBC.CDBC-1) 
    Close JDBC resources in "finally" blocks (JDBC.RRWD-1) 
    Use "PreparedStatements" correctly (JDBC.UPSC-1) 
    Close JDBC objects in the correct order (JDBC.COCO-3) 
    Reuse data sources for JDBC connections (JDBC.DSLV-3) 
    Do not open or close JDBC connections in loops (JDBC.ODBIL-3) 
    Do not store database connection objects in "static" fields (JDBC.SCSF-3) 
    Use javax.sql.DataSource to get the database connection (JDBC.UDS-3) 
    Use instance of RowSetFactory to create a RowSet object (JDBC.URSF-3) 
 [31/31]  JUnit Test Case (JUNIT) 
    Do not include assertion statements in threads other than the main thread (JUNIT.AST-1) 
    Avoid extending 'TestCase' in test classes which contain the '@Test' annotation (JUNIT.ETCTA-1) 
    Ensure that JUnit 5 test classes that use @Ignore are annotated with @ExtendWith(IgnoreCondition.class) or @EnableJUnit4MigrationSupport (JUNIT.IGNORE-1) 
    Ensure JUnit test cases include assertion methods (JUNIT.SIA-1) 
    Make 'suite()' methods "public" and "static" (JUNIT.SUITE-1) 
    Do not use the TemporaryFolder Rule in JUnit 5 tests (JUNIT.TDIR-1) 
    Make sure all methods have at least one JUnit test method (JUNIT.TEST-2) 
    Prefer assertEquals and assertNotEquals over assertTrue and assertFalse (JUNIT.AEAT-3) 
    Do not hard code the location to data used by a unit test (JUNIT.AHLOD-3) 
    Prefer assertNull and assertNotNull over assertTrue and assertFalse (JUNIT.ANAT-3) 
    Avoid negating boolean parameters to assertTrue() or assertFalse() (JUNIT.ANBA-3) 
    Prefer assertSame and assertNotSame over assertTrue and assertFalse (JUNIT.ASAT-3) 
    Include a message string in JUnit assertions (JUNIT.ASSERT-3) 
    Avoid using loops in JUnit tests (JUNIT.AUL-3) 
    Avoid calling 'assert' methods in catch blocks (JUNIT.CBA-3) 
    Call the superclass' 'setUp' and 'tearDown' methods in the 'setUp' and 'tearDown' methods of JUnit test classes (JUNIT.CSUPER-3) 
    Ensure that 'setUp()' and 'tearDown()' methods are implemented correctly (JUNIT.CSUTD-3) 
    Use the fail() method instead of forcing a failed condition using the assertTrue(false) or assertFalse(true) method (JUNIT.FAIL-3) 
    Do not invoke the 'fail()' method in a 'catch' block in a JUnit test method (JUNIT.FICB-3) 
    Do not implement the 'suite()' method in JUnit test classes (JUNIT.ISMTC-3) 
    Do not use the constructor to set up test cases (JUNIT.OSIC-3) 
    Ensure that a setup method is defined in the test class (JUNIT.OSUM-3) 
    Ensure that a cleanup method is defined in the test class (JUNIT.OTDM-3) 
    Do not use JUnit 4 annotations when migrating tests to JUnit 5 (JUNIT.RPL5-3) 
    Set all fields which are initialized in the 'setUp()' method to "null" in the 'tearDown()' method (JUNIT.SIFN-3) 
    Use '@Test' annotation instead of extending 'TestCase' (JUNIT.TATC-3) 
    Include at least one test method in each 'TestCase' class (JUNIT.TCWNT-3) 
    Include an appropriate Javadoc tag in the Javadoc for JUnit test methods (JUNIT.UPJT-3) 
    Use the correct signature for the 'suite()' method in JUnit test classes (JUNIT.UPSS-3) 
    Ensure that JUnit classes have a main() allowing them to be executed in isolation (JUNIT.MAIN-4) 
    Place each test class in the same location as the class that it tests (JUNIT.DIR-5) 
 [23/23]  Metrics - deprecated (METRICS) 
    DEPRECATED: Number of lines in "class" or "interface" (METRICS.CTNL-2) 
    DEPRECATED: Number of comment lines in a method (METRICS.NOMCML-2) 
    DEPRECATED: Number of package-private fields (METRICS.NPKGF-2) 
    DEPRECATED: Number of package-private methods (METRICS.NPKGM-2) 
    DEPRECATED: Number of "private" fields (METRICS.NPRIF-2) 
    DEPRECATED: Number of "private" methods (METRICS.NPRIM-2) 
    DEPRECATED: Number of "protected" fields (METRICS.NPROF-2) 
    DEPRECATED: Number of "protected" methods (METRICS.NPROM-2) 
    DEPRECATED: Number of "public" fields (METRICS.NPUBF-2) 
    DEPRECATED: Number of "public" methods (METRICS.NPUBM-2) 
    DEPRECATED: Number of parameters (METRICS.PAR-2) 
    DEPRECATED: Number of lines in a method (METRICS.TNLM-2) 
    DEPRECATED: Number of method calls (METRICS.TNMC-2) 
    DEPRECATED: Number of "return" statements (METRICS.TRET-2) 
    DEPRECATED: Cyclomatic Complexity (METRICS.VG-2) 
    DEPRECATED: Number of statement lines in a method (METRICS.ECLM-3) 
    DEPRECATED: Number of statement lines in a "class" or "interface" (METRICS.ECLT-3) 
    DEPRECATED: Number of statements in a method (METRICS.NSTMT-3) 
    DEPRECATED: Percentage of Javadoc comments (%) (METRICS.PJDC-3) 
    DEPRECATED: Number of fields (METRICS.NOFT-4) 
    DEPRECATED: Number of methods (METRICS.NOM-4) 
    DEPRECATED: Number of comment lines in a "class" or "interface" (METRICS.NOTCML-4) 
    DEPRECATED: "class" or "interface" inheritance level (METRICS.ID-5) 
 [17/17]  Embedded Devices (MOBILE) 
     [7/7]  Java 2 Micro Edition (MOBILE.J2ME) 
        Do not use anonymous classes as interface implementors (MOBILE.J2ME.ACII-3) 
        Do not use an array length in a loop condition expression (MOBILE.J2ME.ARLL-3) 
        Avoid constant initializations of primitive arrays that exceed a certain size (MOBILE.J2ME.CIPA-3) 
        Avoid classes that are subclassed only once and are not publicly used (MOBILE.J2ME.CSOO-3) 
        Do not access a field excessively (MOBILE.J2ME.EAOF-3) 
        Ensure methods use return parameters instead of returning new objects (MOBILE.J2ME.EURP-3) 
        Catch 'OutOfMemoryError' for large array allocations (MOBILE.J2ME.OOME-3) 
     [2/2]  Google Android (MOBILE.ANDROID) 
        Always override 'onSaveInstanceState()' (MOBILE.ANDROID.AOSM-3) 
        Make sure that widgets aren't updated too often (MOBILE.ANDROID.WUP-3) 
    Avoid accessing same fields and methods multiple times (MOBILE.ACFM-3) 
    Avoid using 'getter' and 'setter' methods (MOBILE.AMA-3) 
    Avoid using array of primtive wrapper objects (MOBILE.APTA-3) 
    Avoid using enhanced "for" loop to walk through a "java.lang.Iterable" object (MOBILE.AUEF-3) 
    Avoid declaring "interface" types (MOBILE.AUI-3) 
    Avoid multiple dimension arrays (MOBILE.DARRAY-3) 
    Avoid using enums (MOBILE.ENUM-3) 
    Avoid using floats (MOBILE.FLOATER-3) 
 [38/38]  Naming Conventions (NAMING) 
    Do not declare types with the same name as types in the Java platform (NAMING.DJLO-2) 
    Avoid using potential Java keywords as identifiers (NAMING.ID-2) 
    Do not use a package name that is reserved by Sun (NAMING.RPKG-2) 
    Follow class name conventions defined for annotations (NAMING.ANNS-3) 
    Avoid using dollar signs in names (NAMING.DSN-3) 
    Ensure class names reflect classes which they extend (NAMING.ECN-3) 
    Follow class name conventions defined for base classes (NAMING.EXTENDS-3) 
    Follow a naming convention for getter methods (NAMING.GETA-3) 
    Follow a naming convention for "boolean" getter methods (NAMING.GETB-3) 
    Use all uppercase letters for the names of fields in an "interface" (NAMING.IFV-3) 
    Follow class name conventions defined for implemented interfaces (NAMING.IMPLS-3) 
    Use 'is...' only for naming methods that return a "boolean" (NAMING.IRB-3) 
    Use a naming convention for annotations (NAMING.NA-3) 
    Use a naming convention for array and collection variables (NAMING.NAC-3) 
    Use a naming convention for "abstract" classes (NAMING.NACL-3) 
    Use a naming convention for classes (NAMING.NCL-3) 
    Use a naming convention for exceptions (NAMING.NE-3) 
    Use a naming convention for enum type declarations (NAMING.NENUM-3) 
    Use a naming convention for "final" local variables (NAMING.NFL-3) 
    Use a naming convention for non-"static" fields (NAMING.NIF-3) 
    Use a naming convention for interfaces (NAMING.NITF-3) 
    Use a naming convention for local variables (NAMING.NLV-3) 
    Use a naming convention for non-"static" methods (NAMING.NM-3) 
    Use a naming convention for method parameters (NAMING.NMP-3) 
    Use a naming convention for type parameters (NAMING.NPH-3) 
    Use a naming convention for non-"final" "static" fields (NAMING.NSF-3) 
    Use a naming convention for "static" methods (NAMING.NSM-3) 
    Use a naming convention for JUnit test classes (NAMING.NTEST-3) 
    Use a naming convention for "package" names (NAMING.PKG-3) 
    Follow a naming convention for setter methods (NAMING.SETA-3) 
    Use a naming convention for singleton classes (NAMING.SINGLETON-3) 
    Use a naming convention for tag handlers and associated classes (NAMING.THAC-3) 
    Do not use lowercase letters in "final" "static" field names (NAMING.USF-3) 
    Use a naming convention for utility classes (NAMING.UTIL-3) 
    Do not use variables with identical names or names that differ only in case (NAMING.UUVN-3) 
    Use conventional variable names (NAMING.CVN-4) 
    Follow limits for the lengths of type, method, field, parameter, and variable names (NAMING.LLI-4) 
    Use Hungarian notation for variables (NAMING.UHN-4) 
 [35/35]  Object Oriented Programming (OOP) 
    Do not hide inherited fields (OOP.AHF-1) 
    Do not declare a method in an interface which conflicts with a 'protected' method of 'Object' (OOP.CIMOM-1) 
    Do not extend concrete classes in "abstract" classes (OOP.ACECC-3) 
    Avoid casts to types which are more specific than necessary (OOP.ACST-3) 
    Avoid "public"/"protected"/package-private fields (OOP.AF-3) 
    Do not hide inherited "static" member methods (OOP.AHSM-3) 
    Add the "@Override" annotation to overriding methods (OOP.AOA-3) 
    Always override certain methods when extending certain types (OOP.AOCM-3) 
    Redeclare a class with only "abstract" methods and "static final" fields as an "interface" (OOP.ASFI-3) 
    Do not implement or extend annotations (OOP.AUASI-3) 
    Do not use an object to access "static" fields or methods (OOP.AUO-3) 
    Do not hide fields and local variables declared in enclosing scopes (OOP.HIF-3) 
    Do not give method local variables and parameters the same name as class fields (OOP.HMF-3) 
    Avoid inner classes in interfaces (OOP.ICIF-3) 
    Avoid implementing interfaces only to access constants (OOP.IIAC-3) 
    Avoid more than two levels of nested inner classes (OOP.LEVEL-3) 
    Give "finalize()" methods "protected" access (OOP.MFP-3) 
    Provide mutable classes with copy functionality (OOP.MUCOP-3) 
    Avoid "abstract" classes without "abstract" methods (OOP.NAM-3) 
    Do not declare "public" or package-private constructors in "abstract" classes (OOP.NPAC-3) 
    Do not override an instance "private" method (OOP.OPM-3) 
    Do not use "protected" access for members of "final" classes (OOP.PIFC-3) 
    Ensure 'public' classes have at least one 'public' or 'protected' member (OOP.PMPC-3) 
    Do not declare a class as implementing an interface if a superclass already implements that interface (OOP.RI-3) 
    Use a naming convention for singleton classes (OOP.SNGL-3) 
    Specify which version of potentially ambiguous methods you wish to call for method calls in inner classes (OOP.SVHM-3) 
    Ensure methods are either a command(change state) or a query(get state) (OOP.CQS-4) 
    Avoid declaring methods inherited from class "Object" in an interface (OOP.IDOM-4) 
    Use "instanceof" only on interfaces (OOP.INSOF-4) 
    Avoid interfaces with no fields or methods (marker interfaces) (OOP.MI-4) 
    Declare methods in "abstract" classes with empty bodies "abstract" (OOP.NOMA-4) 
    Do not declare "private" or "static" methods as "final" (OOP.PSDF-4) 
    Avoid referencing a class' subclasses from itself (OOP.RSFC-4) 
    Use getContextClassLoader() instead of getClassLoader() (OOP.THRECL-4) 
    Implement interface methods non-trivially or declare them "abstract" (OOP.IIN-5) 
 [56/56]  Optimization (OPT) 
    When calling "Math.ceil()", do not pass in an integer that has been cast to a floating point type (OPT.ICDPC-2) 
    Avoid questionable uses of non-short-circuit logic (OPT.USCL-2) 
    Change non-"private" members to "private" in anonymous classes (OPT.AAM-3) 
    Use abbreviated assignment operators (OPT.AAS-3) 
    Do not use the 'new String(String)' constructor (OPT.ACDO-3) 
    Do not get the 'Class' object through new object instantiation (OPT.AGC-3) 
    Avoid new instantiations of primitive wrapper objects, whose values are cached (OPT.ANIPW-3) 
    Avoid unnecessary Map operations (OPT.AUMO-3) 
    Simplify "boolean" returns (OPT.BR-3) 
    Close all "java.io.Closeable" resources in a "finally" block (OPT.CCR-3) 
    Avoid putting constant expressions inside loops (OPT.CEIL-3) 
    Do not call methods in loop condition statements (OPT.CEL-3) 
    Close input and output resources in "finally" blocks (OPT.CIO-3) 
    Check the logging level before calling potentially expensive logging operations (OPT.CLL-3) 
    Do not convert a value to a String by concatenating the empty String (OPT.CPTS-3) 
    Avoid duplicate calls to the "get" methods of "ResultSet" (OPT.CRSG-3) 
    Close resources as early as possible (OPT.CRWD-3) 
    Do not use a "private" field that is accessed in only one method; change it to a local variable (OPT.CTLV-3) 
    Define initial capacities for 'ArrayList', 'HashMap', 'HashSet', 'Hashtable', 'Vector' and 'WeakHashMap' (OPT.DIC-3) 
    Use 'String.length() == 0' instead of 'String.equals("")' (OPT.EES-3) 
    Use 'equalsIgnoreCase()' instead of calls to 'toLowerCase()' or 'toUpperCase()' (OPT.EIC-3) 
    Avoid calling expensive operations in the body of a loop (OPT.EOIL-3) 
    Avoid accessing members which will require synthetic accessor methods (OPT.ICGA-3) 
    Do not iterate through Lists using the 'get()' method (OPT.ILUG-3) 
    Use 'System.arraycopy()' instead of using a loop to copy arrays (OPT.IRB-3) 
    Do not instantiate a class which contains only static fields and methods (OPT.ISC-3) 
    Move invariants outside of loops wherever possible (OPT.LIOL-3) 
    Do not instantiate variables in a loop body (OPT.LOOP-3) 
    Avoid unnecessary comparisons to "null" (OPT.MUNC-3) 
    Avoid 'null' check before 'instanceof' (OPT.NCIO-3) 
    Avoid creating new instances of BigInteger and BigDecimal (OPT.NIW-3) 
    Declare "final" fields with a known compile time value as "static" (OPT.NSF-3) 
    Use 'charAt()' instead of 'startsWith()' for one character comparisons (OPT.PCTS-3) 
    Do not instantiate the wrapper classes for primitive types (OPT.PRIM-3) 
    Specify an initial 'StringBuffer' capacity (OPT.SB-3) 
    Avoid converting StringBuffer or StringBuilder to String to check length (OPT.SBL-3) 
    Use 'StringBuilder' instead of 'StringBuffer' when synchronization is not required (OPT.SBS-3) 
    Avoid using synchronized data structures for local variables (OPT.SDLS-3) 
    Declare member classes "static" if possible (OPT.SI-3) 
    Avoid using 'String.replaceAll()' with literal values (OPT.SRA-3) 
    Use single quotes instead of double quotes for single character string concatenation (OPT.STR-3) 
    Simplify methods that return strings that are always concatenated (OPT.STRBUF-3) 
    Avoid unnecessary calls to 'String' methods (OPT.STS-3) 
    Avoid use of if statements if they can be replaced with switch statements (OPT.SWIF-3) 
    Do not call a synchronized method inside of a loop (OPT.SYN-3) 
    Do not compare boolean variables with "true" (OPT.UEQ-3) 
    Avoid unnecessary "instanceof" evaluations (OPT.UISO-3) 
    Do not call the methods from 'java.lang.Math' if the result is a constant which can be easily determined (OPT.UMATH-3) 
    Avoid unnecessary casting (OPT.UNC-3) 
    Use 'StringBuffer' instead of 'String' when concatenating strings (OPT.USB-3) 
    Use 'String' instead of 'StringBuffer' for constant strings (OPT.USC-3) 
    Do not call ''String.toCharArray()'' unnecessarily (OPT.STCA-4) 
    Use 'stack' variables whenever possible (OPT.USV-4) 
    Make getter and setter methods for instance fields "final" (OPT.MAF-5) 
    Use the 'nextInt()' method to generate a random integer (OPT.NIVND-5) 
    Use collection size for target array in 'toArray()' (OPT.TOARRAY-5) 
 [75/75]  OWASP Top 10 Most Critical Web Application Security Risks (2017) (OWASP2017) 
     [6/6]  A2-Broken Authentication (OWASP2017.A2) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (OWASP2017.A2.ISL-1) 
        Ensure proper session expiration (OWASP2017.A2.RUIM-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (OWASP2017.A2.STTL-1) 
        Protect against using unprotected credentials (OWASP2017.A2.TDPASSWD-2) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (OWASP2017.A2.HTTPRHA-3) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (OWASP2017.A2.HGRSI-4) 
     [12/12]  A1-Injection (OWASP2017.A1) 
        Protect against Command injection (OWASP2017.A1.TDCMD-1) 
        Protect against Jakarta Digester injection (OWASP2017.A1.TDDIG-1) 
        Protect against Environment injection (OWASP2017.A1.TDENV-1) 
        Exclude unsanitized user input from format strings (OWASP2017.A1.TDINPUT-1) 
        Protect against JXPath injection (OWASP2017.A1.TDJXPATH-1) 
        Protect against LDAP injection (OWASP2017.A1.TDLDAP-1) 
        Protect against Reflection injection (OWASP2017.A1.TDRFL-1) 
        Protect against SQL injection (OWASP2017.A1.TDSQL-1) 
        Protect against XPath injection (OWASP2017.A1.TDXPATH-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2017.A1.UPS-1) 
        Protect against log forging (OWASP2017.A1.TDLOG-2) 
        Protect against network resource injection (OWASP2017.A1.TDNET-2) 
     [2/2]  A10-Insufficient Logging&Monitoring (OWASP2017.A10) 
        Ensure all exceptions are either logged with a standard logger or rethrown (OWASP2017.A10.LGE-2) 
        Ensure all sensitive method invocations are logged (OWASP2017.A10.ENFL-3) 
     [9/9]  A8-Insecure Deserialization (OWASP2017.A8) 
        Avoid parsing untrusted data with XMLDecoder (OWASP2017.A8.AUXD-2) 
        Disable LDAP deserialization (OWASP2017.A8.SC-2) 
        Create a 'serialVersionUID' for all 'Serializable' classes (OWASP2017.A8.DUID-3) 
        Define a "readResolve" method for all instances of Serializable types (OWASP2017.A8.RRSC-3) 
        Ensure that all fields are assigned by the 'readObject()' method and written out by the 'writeObject()' method (OWASP2017.A8.RWAF-3) 
        Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents (OWASP2017.A8.SCBNP-3) 
        Do not declare the 'readObject()' method as "synchronized" (OWASP2017.A8.SROS-3) 
        Validate objects before deserialization (OWASP2017.A8.VOBD-3) 
        Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (OWASP2017.A8.OROM-5) 
     [3/3]  A7-Cross-Site Scripting (XSS) (OWASP2017.A7) 
        Canonicalize all data before validation (OWASP2017.A7.CDBV-1) 
        Protect against HTTP response splitting (OWASP2017.A7.TDRESP-1) 
        Protect against XSS vulnerabilities (OWASP2017.A7.TDXSS-1) 
     [18/18]  A6-Security Misconfiguration (OWASP2017.A6) 
        Avoid using the DriverManagerDataSource class in production code (OWASP2017.A6.DMDS-1) 
        Avoid debug information from Spring Security framework to logs (OWASP2017.A6.EWSSEC-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2017.A6.PWDXML-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (OWASP2017.A6.UPWD-1) 
        Do not disable CSRF protection (OWASP2017.A6.DCSRFJAVA-2) 
        Do not disable CSRF protection (OWASP2017.A6.DCSRFXML-2) 
        Password information should not be included in properties file in plaintext (OWASP2017.A6.PLAIN-2) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (OWASP2017.A6.ACPST-3) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (OWASP2017.A6.AECB-3) 
        Do not catch exception types which are too general or are unchecked exceptions (OWASP2017.A6.NCE-3) 
        Do not catch 'NullPointerException' (OWASP2017.A6.NCNPE-3) 
        Do not throw exception types which are too general or are unchecked exceptions (OWASP2017.A6.NTERR-3) 
        Avoid declaring methods to throw general or unchecked Exception types (OWASP2017.A6.NTX-3) 
        Do not declare entity beans as remote (OWASP2017.A6.RR-3) 
        Always specify error pages in web.xml (OWASP2017.A6.SEP-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (OWASP2017.A6.SIO-3) 
        Ensure Session-ID Length is sufficient (OWASP2017.A6.SLID-3) 
        Restrict cross-origin resource sharing to secure origins (OWASP2017.A6.JXCORS-4) 
     [2/2]  A5-Broken Access Control (OWASP2017.A5) 
        Protect against File names injection (OWASP2017.A5.TDFNAMES-1) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (OWASP2017.A5.DPANY-3) 
     [1/1]  A4-XML External Entities (XXE) (OWASP2017.A4) 
        Disable XML external entity injection (OWASP2017.A4.DXXE-2) 
     [22/22]  A3-Sensitive Data Exposure (OWASP2017.A3) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (OWASP2017.A3.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (OWASP2017.A3.AISSAXML-1) 
        Do not log confidential or sensitive information (OWASP2017.A3.CONSEN-1) 
        Avoid using hard-coded cryptographic keys (OWASP2017.A3.HCCK-1) 
        Ensure the HostnameVerifier.verify() method validates the certificate (OWASP2017.A3.HV-1) 
        Avoid using insecure algorithms for cryptography (OWASP2017.A3.ICA-1) 
        MessageDigest objects must process the data with the 'update' method (OWASP2017.A3.MCMDU-1) 
        Use hash functions with a salt (OWASP2017.A3.MDSALT-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (OWASP2017.A3.PEO-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2017.A3.PWDPROP-1) 
        Prevent exposure of sensitive data (OWASP2017.A3.SENS-1) 
        Initialize KeyGenerator instances (OWASP2017.A3.SIKG-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (OWASP2017.A3.SRD-1) 
        Always verify JarFile signatures (OWASP2017.A3.VJFS-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (OWASP2017.A3.AUNC-2) 
        Ensure arguments passed to certain methods come from predefined methods list (OWASP2017.A3.ENPP-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (OWASP2017.A3.IVR-2) 
        Properly validate server identity (OWASP2017.A3.VSI-2) 
        Do not hard-code IP addresses and port numbers (OWASP2017.A3.HCNA-3) 
        Safely serialize sensitive data (OWASP2017.A3.SSSD-3) 
        Use the SSL-enabled version of classes when possible (OWASP2017.A3.USC-3) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (OWASP2017.A3.HTTPS-5) 
 [167/167]  OWASP API Security Top 10 (2019) (OWASP2019) 
     [33/33]  API3-Excessive Data Exposure (OWASP2019.API3) 
        Always specify absolute paths to execute commands (OWASP2019.API3.PBRTE-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (OWASP2019.API3.PEO-1) 
        Enforce 'SecurityManager' checks before setting or getting fields (OWASP2019.API3.SCF-1) 
        Enforce 'SecurityManager' checks in methods of 'Cloneable' classes (OWASP2019.API3.SCLONE-1) 
        Enforce 'SecurityManager' checks in methods of 'Serializable' classes (OWASP2019.API3.SCSER-1) 
        Ensure 'SecurityManager' check in constructor of "public" non-"final" sensitive type (OWASP2019.API3.SCSM-1) 
        Prevent exposure of sensitive data (OWASP2019.API3.SENS-1) 
        Do not interrogate or modify security policy information in a web component (OWASP2019.API3.SPI-1) 
        Declare "transient" fields "private" (OWASP2019.API3.TFP-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (OWASP2019.API3.UOSC-1) 
        Use "PreparedStatements" correctly (OWASP2019.API3.UPSC-1) 
        Do not use static variables in servlets without synchronization (OWASP2019.API3.NSSS-2) 
        Declare a package-private method "final" if it is not overridden (OWASP2019.API3.SPAM-2) 
        Declare 'serialPersistentFields' "private static final" (OWASP2019.API3.SPF-2) 
        Avoid "transient" fields in serialPersistentFields array (OWASP2019.API3.TSPF-2) 
        Encapsulate all redirect and forward URLs with a validation function (OWASP2019.API3.VRD-2) 
        Properly validate server identity (OWASP2019.API3.VSI-2) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (OWASP2019.API3.ADS-3) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (OWASP2019.API3.AELQ-3) 
        Do not throw 'NullPointerException' (OWASP2019.API3.NTNPE-3) 
        Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final" (OWASP2019.API3.PAF-3) 
        Declare subclasses of 'Permission' and 'BasicPermission' "final" (OWASP2019.API3.PBPSF-3) 
        Avoid using dynamically loaded classes in "privileged" code blocks (OWASP2019.API3.PDLC-3) 
        Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final" (OWASP2019.API3.PRMF-3) 
        Store sensitive data in mutable objects (OWASP2019.API3.SDM-3) 
        Ensure that JavaBean classes implement 'java.io.Serializable' (OWASP2019.API3.SERIALIZABLE-3) 
        Avoid using the SOAP Monitor module (OWASP2019.API3.SMM-3) 
        Ensure 'SecurityManager' checks before 'Socket' transfers or retrievals (OWASP2019.API3.SMSTR-3) 
        Minimize usage of System.out and System.err in Servlets (OWASP2019.API3.SOP-3) 
        Catch all exceptions which may be thrown within Servlet methods (OWASP2019.API3.CETS-4) 
        Declare package-private methods as inaccessible as possible (OWASP2019.API3.DPAM-5) 
        Ensure that file target paths retrieved by resolving symbolic links are safe (OWASP2019.API3.FOLLOW-5) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (OWASP2019.API3.HTTPS-5) 
     [23/23]  API2-Broken User Authentication (OWASP2019.API2) 
        Avoid hard-coding the arguments to certain methods (OWASP2019.API2.AHCA-1) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (OWASP2019.API2.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (OWASP2019.API2.AISSAXML-1) 
        Keep all authentication methods centralized to enforce consistency (OWASP2019.API2.CAM-1) 
        Avoid using hard-coded cryptographic keys (OWASP2019.API2.HCCK-1) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (OWASP2019.API2.HCCS-1) 
        Avoid using insecure algorithms for cryptography (OWASP2019.API2.ICA-1) 
        Use hash functions with a salt (OWASP2019.API2.MDSALT-1) 
        Call authentication methods to enforce consistency (OWASP2019.API2.PAC-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (OWASP2019.API2.PCCF-1) 
        Avoid EJB 3 methods without security annotations (OWASP2019.API2.PERMIT-1) 
        Avoid storing sensitive data in plaintext in a cookie (OWASP2019.API2.PLC-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (OWASP2019.API2.AUNC-2) 
        Avoid using cryptographic keys which are too short (OWASP2019.API2.CKTS-2) 
        Use the 'minlength' validator for password fields in 'validation.xml' (OWASP2019.API2.MLVP-2) 
        Password information should not be included in properties file in plaintext (OWASP2019.API2.PLAIN-2) 
        Mark cookies as HttpOnly (OWASP2019.API2.SCHTTP-2) 
        Protect against using unprotected credentials (OWASP2019.API2.TDPASSWD-2) 
        Clear sensitive data after use (OWASP2019.API2.CSD-3) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (OWASP2019.API2.DPANY-3) 
        Avoid using plain text passwords in Axis 'wsdd' files (OWASP2019.API2.PTPT-3) 
        Avoid using plain text passwords in Axis2 configuration files (OWASP2019.API2.UTAX-3) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (OWASP2019.API2.HGRSI-4) 
     [11/11]  API10-Insufficient Logging & Monitoring (OWASP2019.API10) 
        Do not log confidential or sensitive information (OWASP2019.API10.CONSEN-1) 
        Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files (OWASP2019.API10.LHII-1) 
        Ensure all exceptions are either logged with a standard logger or rethrown (OWASP2019.API10.LGE-2) 
        Protect against log forging (OWASP2019.API10.TDLOG-2) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (OWASP2019.API10.ACPST-3) 
        Avoid using multiple loggers, use logging levels instead (OWASP2019.API10.AUML-3) 
        Avoid debug levels which are too high in Tomcat's 'server.xml' (OWASP2019.API10.DLTH-3) 
        Ensure all sensitive method invocations are logged (OWASP2019.API10.ENFL-3) 
        Ensure that the logging level checked matches the level of the called logging method (OWASP2019.API10.LLM-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (OWASP2019.API10.SIO-3) 
        Avoid writing to Consoles (OWASP2019.API10.ACW-5) 
     [1/1]  API5-Broken Function Level Authorization (OWASP2019.API5) 
        Keep all access control methods centralized to enforce consistency (OWASP2019.API5.CACM-1) 
     [9/9]  API4-Lack of Resources & Rate Limiting (OWASP2019.API4) 
        Avoid using the DriverManagerDataSource class in production code (OWASP2019.API4.DMDS-1) 
        Ensure resources are deallocated (OWASP2019.API4.LEAKS-1) 
        Validate potentially tainted data before it is used to determine the size of memory allocation (OWASP2019.API4.TDALLOC-2) 
        Close resources as early as possible (OWASP2019.API4.CRWD-3) 
        Ensure 'wait()', 'notify()' and 'notifyAll()' are invoked on an object that is clearly synchronized in its enclosing mod scope (OWASP2019.API4.NSYN-3) 
        Do not open or close JDBC connections in loops (OWASP2019.API4.ODBIL-3) 
        Do not call the 'start()' method directly on Thread class instances (OWASP2019.API4.ISTART-4) 
        Specify a valid 'maxlength' value for each form field in Struts validation files (OWASP2019.API4.MLFF-4) 
        Ensure sufficient protection against multiple failed authentication attempts (OWASP2019.API4.PBFA-5) 
     [46/46]  API7-Security Misconfiguration (OWASP2019.API7) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (OWASP2019.API7.DSR-1) 
        Avoid debug information from Spring Security framework to logs (OWASP2019.API7.EWSSEC-1) 
        Ensure the HostnameVerifier.verify() method validates the certificate (OWASP2019.API7.HV-1) 
        MessageDigest objects must process the data with the 'update' method (OWASP2019.API7.MCMDU-1) 
        Call access control methods to enforce consistency (OWASP2019.API7.PACC-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2019.API7.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2019.API7.PWDXML-1) 
        Initialize KeyGenerator instances (OWASP2019.API7.SIKG-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (OWASP2019.API7.SRD-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (OWASP2019.API7.UPWD-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2019.API7.WCMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2019.API7.WCPWD-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WPWD-1) 
        Do not access or modify security configuration objects (OWASP2019.API7.AMSC-2) 
        Do not disable CSRF protection (OWASP2019.API7.DCSRFJAVA-2) 
        Do not disable CSRF protection (OWASP2019.API7.DCSRFXML-2) 
        Ensure arguments passed to certain methods come from predefined methods list (OWASP2019.API7.ENPP-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (OWASP2019.API7.IVR-2) 
        Ensure that the 'scope' attribute is set to either "request" or "session" for actions and exceptions in 'struts-config.xml' files (OWASP2019.API7.RSS-2) 
        Do not set or create a new SecurityManager in EJBs (OWASP2019.API7.SMSN-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2019.API7.WCMC-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WMI-2) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (OWASP2019.API7.AECB-3) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (OWASP2019.API7.ISOS-3) 
        Avoid using native JDBC (OWASP2019.API7.JDBCTEMPLATE-3) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (OWASP2019.API7.LCA-3) 
        Do not catch 'NullPointerException' (OWASP2019.API7.NCNPE-3) 
        Do not declare entity beans as remote (OWASP2019.API7.RR-3) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (OWASP2019.API7.SDAR-3) 
        Always specify error pages in web.xml (OWASP2019.API7.SEP-3) 
        Ensure Session-ID Length is sufficient (OWASP2019.API7.SLID-3) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (OWASP2019.API7.SRCD-3) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (OWASP2019.API7.TDAR-3) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (OWASP2019.API7.UDC-3) 
        Use the SSL-enabled version of classes when possible (OWASP2019.API7.USC-3) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2019.API7.WCMT-3) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2019.API7.WCUTS-3) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WMT-3) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (OWASP2019.API7.WSS-3) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2019.API7.WUTS-3) 
        Avoid using custom MessageDigest implementations (OWASP2019.API7.ACMD-4) 
        Restrict cross-origin resource sharing to secure origins (OWASP2019.API7.JXCORS-4) 
        Do not throw exception types which are too general or are unchecked exceptions (OWASP2019.API7.NTERR-5) 
        Avoid declaring methods to throw general or unchecked Exception types (OWASP2019.API7.NTX-5) 
     [11/11]  API9-Improper Assets Management (OWASP2019.API9) 
        Avoid unused Javadoc tags (OWASP2019.API9.DPMT-3) 
        Do not insert non-Javadoc comments between Javadoc comments and declarations (OWASP2019.API9.JNJD-3) 
        Avoid misformatted Javadoc tags (OWASP2019.API9.MISFORMAT-3) 
        Order Javadoc tags appropriately (OWASP2019.API9.ORDER-3) 
        Use the '@concurrency' Javadoc tag on "synchronized" methods and blocks (OWASP2019.API9.SMJT-3) 
        Specify 'RUNTIME' as the retention policy when using the '@Documented' annotation (OWASP2019.API9.SRRP-3) 
        Ensure that certain Javadoc tags only span one line (OWASP2019.API9.TSOL-3) 
        Include an appropriate Javadoc tag in the Javadoc for JUnit test methods (OWASP2019.API9.UPJT-3) 
        Avoid using the '@return' Javadoc tag on "void" methods (OWASP2019.API9.VMCR-3) 
        Use the '@throws' or '@exception' Javadoc tag in methods (OWASP2019.API9.THROW-5) 
        Provide a Javadoc comment for 'toString()' methods (OWASP2019.API9.TSMJT-5) 
     [33/33]  API8-Injection (OWASP2019.API8) 
        Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm' (OWASP2019.API8.AEAF-1) 
        Canonicalize all data before validation (OWASP2019.API8.CDBV-1) 
        Avoid untrusted input when logging messages with Seam Logging API (OWASP2019.API8.DCEMSL-1) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (OWASP2019.API8.FMCD-1) 
        Specify a valid 'type' attribute for each '<form-property>' element in 'struts-config.xml' files (OWASP2019.API8.TAFP-1) 
        Protect against Command injection (OWASP2019.API8.TDCMD-1) 
        Validate potentially tainted data before it is used in methods that generate code (OWASP2019.API8.TDCODE-1) 
        Protect against Jakarta Digester injection (OWASP2019.API8.TDDIG-1) 
        Protect against Environment injection (OWASP2019.API8.TDENV-1) 
        Protect against File contents injection (OWASP2019.API8.TDFILES-1) 
        Protect against File names injection (OWASP2019.API8.TDFNAMES-1) 
        Exclude unsanitized user input from format strings (OWASP2019.API8.TDINPUT-1) 
        Protect against JXPath injection (OWASP2019.API8.TDJXPATH-1) 
        Protect against LDAP injection (OWASP2019.API8.TDLDAP-1) 
        Protect against Library injection (OWASP2019.API8.TDLIB-1) 
        Protect against HTTP response splitting (OWASP2019.API8.TDRESP-1) 
        Protect against Reflection injection (OWASP2019.API8.TDRFL-1) 
        Protect against SQL injection (OWASP2019.API8.TDSQL-1) 
        Protect against XML data injection (OWASP2019.API8.TDXML-1) 
        Protect against XPath injection (OWASP2019.API8.TDXPATH-1) 
        Protect against XSS vulnerabilities (OWASP2019.API8.TDXSS-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2019.API8.UPS-1) 
        Always verify JarFile signatures (OWASP2019.API8.VJFS-1) 
        Avoid XPath injection when evaluating XPath queries (OWASP2019.API8.XPIJ-1) 
        Avoid parsing untrusted data with XMLDecoder (OWASP2019.API8.AUXD-2) 
        Disable XML external entity injection (OWASP2019.API8.DXXE-2) 
        Encapsulate constructor arguments with a validation function (OWASP2019.API8.EDPM-2) 
        Protect against network resource injection (OWASP2019.API8.TDNET-2) 
        Validate untrusted XML using schema or DTD before reading (OWASP2019.API8.XMLVAL-2) 
        Prevent the scripting API from executing untrusted code (OWASP2019.API8.ASAPI-3) 
        Avoid calling methods and constructors which do not allow you to specify a character encoding option (OWASP2019.API8.SEO-3) 
        Enable the Struts Validator plug-in in all 'struts-config.xml' files (OWASP2019.API8.VPI-3) 
        Avoid using reflection methods (OWASP2019.API8.ARM-4) 
 [93/93]  OWASP Top 10 Most Critical Web Application Security Risks (2021) (OWASP2021) 
     [1/1]  A10-Server-Side Request Forgery (OWASP2021.A10) 
        Protect against network resource injection (OWASP2021.A10.TDNET-2) 
     [6/6]  A7-Identification and Authentication Failures (OWASP2021.A7) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (OWASP2021.A7.ISL-1) 
        Ensure proper session expiration (OWASP2021.A7.RUIM-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (OWASP2021.A7.STTL-1) 
        Protect against using unprotected credentials (OWASP2021.A7.TDPASSWD-2) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (OWASP2021.A7.HTTPRHA-3) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (OWASP2021.A7.HGRSI-4) 
     [18/18]  A5-Security Misconfiguration (OWASP2021.A5) 
        Avoid using the DriverManagerDataSource class in production code (OWASP2021.A5.DMDS-1) 
        Avoid debug information from Spring Security framework to logs (OWASP2021.A5.EWSSEC-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (OWASP2021.A5.UPWD-1) 
        Do not disable CSRF protection (OWASP2021.A5.DCSRFJAVA-2) 
        Do not disable CSRF protection (OWASP2021.A5.DCSRFXML-2) 
        Disable XML external entity injection (OWASP2021.A5.DXXE-2) 
        Password information should not be included in properties file in plaintext (OWASP2021.A5.PLAIN-2) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (OWASP2021.A5.ACPST-3) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (OWASP2021.A5.AECB-3) 
        Do not catch exception types which are too general or are unchecked exceptions (OWASP2021.A5.NCE-3) 
        Do not catch 'NullPointerException' (OWASP2021.A5.NCNPE-3) 
        Do not throw exception types which are too general or are unchecked exceptions (OWASP2021.A5.NTERR-3) 
        Avoid declaring methods to throw general or unchecked Exception types (OWASP2021.A5.NTX-3) 
        Do not declare entity beans as remote (OWASP2021.A5.RR-3) 
        Always specify error pages in web.xml (OWASP2021.A5.SEP-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (OWASP2021.A5.SIO-3) 
        Ensure Session-ID Length is sufficient (OWASP2021.A5.SLID-3) 
        Restrict cross-origin resource sharing to secure origins (OWASP2021.A5.JXCORS-4) 
     [16/16]  A4-Insecure Design (OWASP2021.A4) 
        Avoid duplicated forms in the 'validation.xml' (OWASP2021.A4.DFV-1) 
        Avoid DNS lookups for decision making (OWASP2021.A4.DNSL-1) 
        Ensure method arguments are serializable (OWASP2021.A4.ONS-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (OWASP2021.A4.PCCF-1) 
        Avoid storing sensitive data in plaintext in a cookie (OWASP2021.A4.PLC-1) 
        Ensure Plugins are added in the 'struts-config.xml' (OWASP2021.A4.PLUGIN-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2021.A4.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (OWASP2021.A4.PWDXML-1) 
        Do not store non-serializable objects as HttpSession attributes (OWASP2021.A4.SNSO-1) 
        Do not store untrusted data in HTTP session (OWASP2021.A4.TDSESSION-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (OWASP2021.A4.UOSC-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (OWASP2021.A4.WCPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (OWASP2021.A4.WPWD-1) 
        Ensure validators are enabled in the 'struts-config.xml' (OWASP2021.A4.EV-3) 
        Avoid using plain text passwords in Axis 'wsdd' files (OWASP2021.A4.PTPT-3) 
        Ensure sufficient protection against multiple failed authentication attempts (OWASP2021.A4.PBFA-5) 
     [2/2]  A9-Security Logging and Monitoring Failures (OWASP2021.A9) 
        Ensure all exceptions are either logged with a standard logger or rethrown (OWASP2021.A9.LGE-2) 
        Ensure all sensitive method invocations are logged (OWASP2021.A9.ENFL-3) 
     [12/12]  A8-Software and Data Integrity Failures (OWASP2021.A8) 
        Always specify absolute paths to execute commands (OWASP2021.A8.PBRTE-1) 
        Always verify JarFile signatures (OWASP2021.A8.VJFS-1) 
        Avoid parsing untrusted data with XMLDecoder (OWASP2021.A8.AUXD-2) 
        Disable LDAP deserialization (OWASP2021.A8.SC-2) 
        Create a 'serialVersionUID' for all 'Serializable' classes (OWASP2021.A8.DUID-3) 
        Assign 'protected' accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes (OWASP2021.A8.MASP-3) 
        Define a "readResolve" method for all instances of Serializable types (OWASP2021.A8.RRSC-3) 
        Ensure that all fields are assigned by the 'readObject()' method and written out by the 'writeObject()' method (OWASP2021.A8.RWAF-3) 
        Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents (OWASP2021.A8.SCBNP-3) 
        Do not declare the 'readObject()' method as "synchronized" (OWASP2021.A8.SROS-3) 
        Validate objects before deserialization (OWASP2021.A8.VOBD-3) 
        Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (OWASP2021.A8.OROM-5) 
     [16/16]  A3-Injection (OWASP2021.A3) 
        Canonicalize all data before validation (OWASP2021.A3.CDBV-1) 
        Protect against Command injection (OWASP2021.A3.TDCMD-1) 
        Protect against Jakarta Digester injection (OWASP2021.A3.TDDIG-1) 
        Protect against Environment injection (OWASP2021.A3.TDENV-1) 
        Protect against File contents injection (OWASP2021.A3.TDFILES-1) 
        Exclude unsanitized user input from format strings (OWASP2021.A3.TDINPUT-1) 
        Protect against JXPath injection (OWASP2021.A3.TDJXPATH-1) 
        Protect against LDAP injection (OWASP2021.A3.TDLDAP-1) 
        Protect against Library injection (OWASP2021.A3.TDLIB-1) 
        Protect against HTTP response splitting (OWASP2021.A3.TDRESP-1) 
        Protect against Reflection injection (OWASP2021.A3.TDRFL-1) 
        Protect against SQL injection (OWASP2021.A3.TDSQL-1) 
        Protect against XPath injection (OWASP2021.A3.TDXPATH-1) 
        Protect against XSS vulnerabilities (OWASP2021.A3.TDXSS-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (OWASP2021.A3.UPS-1) 
        Protect against log forging (OWASP2021.A3.TDLOG-2) 
     [20/20]  A2-Cryptographic Failures (OWASP2021.A2) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (OWASP2021.A2.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (OWASP2021.A2.AISSAXML-1) 
        Do not log confidential or sensitive information (OWASP2021.A2.CONSEN-1) 
        Avoid using hard-coded cryptographic keys (OWASP2021.A2.HCCK-1) 
        Ensure the HostnameVerifier.verify() method validates the certificate (OWASP2021.A2.HV-1) 
        Avoid using insecure algorithms for cryptography (OWASP2021.A2.ICA-1) 
        MessageDigest objects must process the data with the 'update' method (OWASP2021.A2.MCMDU-1) 
        Use hash functions with a salt (OWASP2021.A2.MDSALT-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (OWASP2021.A2.PEO-1) 
        Prevent exposure of sensitive data (OWASP2021.A2.SENS-1) 
        Initialize KeyGenerator instances (OWASP2021.A2.SIKG-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (OWASP2021.A2.SRD-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (OWASP2021.A2.AUNC-2) 
        Ensure arguments passed to certain methods come from predefined methods list (OWASP2021.A2.ENPP-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (OWASP2021.A2.IVR-2) 
        Properly validate server identity (OWASP2021.A2.VSI-2) 
        Do not hard-code IP addresses and port numbers (OWASP2021.A2.HCNA-3) 
        Safely serialize sensitive data (OWASP2021.A2.SSSD-3) 
        Use the SSL-enabled version of classes when possible (OWASP2021.A2.USC-3) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (OWASP2021.A2.HTTPS-5) 
     [2/2]  A1-Broken Access Control (OWASP2021.A1) 
        Protect against File names injection (OWASP2021.A1.TDFNAMES-1) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (OWASP2021.A1.DPANY-3) 
 [142/142]  Possible Bugs (PB) 
     [12/12]  Typographical Errors (PB.TYPO) 
        Avoid assignment within a condition (PB.TYPO.ASI-1) 
        Ensure that arguments passed to Java wrapper classes do not contain typos (PB.TYPO.WT-1) 
        Avoid unnecessary self computation (PB.TYPO.BW-2) 
        Ensure "switch" statements do not contain typos (PB.TYPO.TLS-2) 
        Do not use octal integer literals (PB.TYPO.UOL-2) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (PB.TYPO.AECB-3) 
        Ensure that the correct "super" method is invoked (PB.TYPO.CSI-3) 
        Avoid assigning same variable in the fall-through switch case (PB.TYPO.DAV-3) 
        Avoid control statements with empty bodies (PB.TYPO.EB-3) 
        Ensure the overriding method name does not have a typo (PB.TYPO.IMO-3) 
        Do not give methods and fields the same name as the enclosing class or each other (PB.TYPO.NAMING-3) 
        Avoid having more than one "getter" or "setter" method for the same field (PB.TYPO.RSK-4) 
     [12/12]  Useless Code (PB.USC) 
        Avoid conditional expressions that always evaluate to a constant value (PB.USC.CC-1) 
        Avoid classes with no accessible members (PB.USC.NACC-1) 
        Avoid unreachable "else if" and "else" cases (PB.USC.UIF-1) 
        Avoid using "private" fields which are never given a meaningful value (PB.USC.FCBS-2) 
        Avoid increment and decrement statements which have no effect (PB.USC.OI-2) 
        Do not use the unary operator '+' (PB.USC.UNARY-2) 
        Avoid empty statements (PB.USC.AES-3) 
        Avoid empty classes (PB.USC.EC-3) 
        Do not define empty "public" constructors in classes with no other constructors (PB.USC.EPC-3) 
        Ensure method and constructor return values are used (PB.USC.NASSIG-3) 
        Do not catch exceptions only to rethrow them (PB.USC.RTE-3) 
        Avoid self assignments/initializations to fields and/or local variables (PB.USC.SAFL-3) 
     [17/17]  Numerical Errors (PB.NUM) 
        Avoid calculations which result in overflow or NaN (PB.NUM.ICO-1) 
        Do not assign the result of an integer division to a floating point variable (PB.NUM.IDCD-1) 
        Avoid comparisons to Double.NaN or Float.NaN (PB.NUM.NAN-1) 
        Do not initialize array dimensions with negative numbers (PB.NUM.NIA-1) 
        Avoid implicit casts from integer data types to floating point data types (PB.NUM.AIC-2) 
        Do not pass floating point values to the 'BigDecimal' constructor (PB.NUM.BBDCC-2) 
        Do not use an integer outside the range of [0, 31] as the amount of a shift (PB.NUM.BSA-2) 
        Do not cast primitive data types to lower precision (PB.NUM.CLP-2) 
        Avoid using compound assignment operators in cases which may cause overflow (PB.NUM.CACO-3) 
        Possible integer overflow in a compare or compareTo method (PB.NUM.CMP-3) 
        Do not compare floating point types (PB.NUM.DCF-3) 
        Do not use floating point variables as loop indices (PB.NUM.FPLI-3) 
        Avoid casting the result of an integer multiplication to "long" (PB.NUM.IMOF-3) 
        Use unsigned right shift instead of division when overflow is possible (PB.NUM.IOF-3) 
        Do not use "float" and "double" if exact answers are required (PB.NUM.UBD-3) 
        Avoid passing integer values to 'Math.round()' (PB.NUM.UCM-3) 
        Provide methods to read and write little-endian data (PB.NUM.PMRWLED-4) 
     [25/25]  API Usage and Implementation (PB.API) 
        Ensure that the types passed to "Collection" and "Map" methods match the types in those data structures (PB.API.CMMT-1) 
        Do not call the 'next' method from the 'hasNext' method of an Iterator (PB.API.HNCN-1) 
        Do not use "URL" objects in "Collections" or "Maps" (PB.API.IUMS-1) 
        Ensure method arguments are serializable (PB.API.ONS-1) 
        Do not call 'setSize()' in 'ComponentListener.componentResized()' (PB.API.DNCSS-2) 
        Do not create an empty JarFile entry or an empty ZipFile entry (PB.API.EJF-2) 
        Avoid calling 'equals(null)' (PB.API.EQNL-2) 
        Ensure that all types which are used as keys in Sets and Maps override the 'equals()' and 'hashCode()' methods (PB.API.KOEH-2) 
        Do not overload the 'finalize()' method (PB.API.OF-2) 
        Avoid using "." as a regular expression in 'String.replaceAll()' and 'String.replaceFirst()' (PB.API.REP-2) 
        Do not pass a 'char' to the 'StringBuffer(int)' constructor (PB.API.SBCC-2) 
        Avoid improper casting of the results of the 'next' methods in the 'java.util.Random' class (PB.API.UNI-2) 
        Avoid using the 'equals()' and 'hashCode()' methods of "java.net.URL" (PB.API.URL-2) 
        Update values which may be using to compare with vendor properties (PB.API.VENDOR-2) 
        Avoid extending certain classes (custom rule) (PB.API.AECC-3) 
        Avoid 'put, 'putAll' and 'get' methods of 'java.util.Properties' objects (PB.API.APPG-3) 
        Avoid using certain packages or types (PB.API.APT-3) 
        Add the "@Deprecated" annotation to the declarations of deprecated members (PB.API.DANNOT-3) 
        Do not use deprecated APIs (PB.API.DPRAPI-3) 
        Do not extend 'java.util.HashMap' or 'java.util.Hashtable' (PB.API.EHM-3) 
        Assign 'protected' accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes (PB.API.MASP-3) 
        Avoid using objects with dangerous implementations of 'equals()' or 'hashCode()' as keys in hashed data structures (PB.API.MOHK-3) 
        Do not define direct or indirect subclasses of 'Error' and 'Throwable' (PB.API.NDC-3) 
        Ensure the correct number of arguments for varargs methods with format strings (PB.API.VAFS-3) 
        Do not extend "Collection" and "Map" classes (PB.API.ECMC-5) 
     [18/18]  Logical Errors (PB.LOGIC) 
        Do not call 'equals()' methods that always return false (PB.LOGIC.EQUS-1) 
        Avoid calling 'equals()' with same object (PB.LOGIC.ESO-1) 
        Avoid infinite recursive method calls (PB.LOGIC.FLRC-1) 
        Avoid infinite loops (PB.LOGIC.AIL-2) 
        Avoid off-by-one errors in loop conditions (PB.LOGIC.AOBO-2) 
        Do not discard the result of a call to "readLine()" after checking that the return value is non-null (PB.LOGIC.DJNCR-2) 
        Do not increment or decrement on the same variable over multiple nested "for" loop statements (PB.LOGIC.JI-2) 
        Ensure that the objects used within a loop's condition are properly accessed within the loop's body (PB.LOGIC.OAMC-2) 
        Avoid using the wrong index variable to access an array or List element (PB.LOGIC.AMOI-3) 
        Avoid loop variables which are not used in the condition of the loop (PB.LOGIC.AULV-3) 
        Do not check whether the result of "String.indexOf()" is positive or non-positive (PB.LOGIC.CPI-3) 
        Check the return value of methods which read or skip input (PB.LOGIC.CRRV-3) 
        Use 'getClass()' or "instanceof" within 'equals()' and 'compareTo()' method implementations (PB.LOGIC.EQLC-3) 
        Avoid bugs in the usage of loop variables (PB.LOGIC.INDEX-3) 
        Ensure that the logging level checked matches the level of the called logging method (PB.LOGIC.LLM-3) 
        Avoid out of range comparisons (PB.LOGIC.OOR-3) 
        Ensure get/set methods are accessing the correct variables (PB.LOGIC.SG-3) 
        Make sure that methods are invoked on the correct object (PB.LOGIC.ROM-4) 
     [33/33]  Confusing or Unintended Behavior (PB.CUB) 
        Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block (PB.CUB.ARCF-1) 
        Do not exit "finally" blocks abruptly (PB.CUB.ATSF-1) 
        Do not use the "+" string concatenation operator to concatenate numbers; use it only to add numbers (PB.CUB.DCP-2) 
        Avoid erroneously placing statements outside blocks (PB.CUB.EBI-2) 
        Avoid overloading varargs methods (PB.CUB.OVAM-2) 
        Do not use "char" arrays in "String" concatenations (PB.CUB.SAC-2) 
        Avoid Time-of-check Time-of-use (TOCTOU) Race Condition (PB.CUB.TOCTOU-2) 
        Avoid invoking 'toString()' on array variables (PB.CUB.TOS-2) 
        Do not use '==' or '!=' to compare objects (PB.CUB.UEIC-2) 
        Avoid dangling "else" statements (PB.CUB.ADE-3) 
        Avoid using 'iterator()' with PriorityQueue and PriorityBlockingQueue (PB.CUB.AIPQ-3) 
        Avoid using multiple '!' or '~' unary operators (PB.CUB.AMCO-3) 
        Avoid passing arrays as arguments to methods that take non-array parameters (PB.CUB.APAM-3) 
        Avoid confusing assignments to constructor arguments (PB.CUB.AWP-3) 
        Avoid improper concatenation of characters with numbers (PB.CUB.CNVC-3) 
        Avoid usage of File.canWrite() method because it may returns true even if directory is not writable (PB.CUB.CWRITE-3) 
        Avoid errors in overriding methods of "java.lang.Object" (PB.CUB.EOOM-3) 
        Do not assign loop control variables in the body of a "for" loop (PB.CUB.FLVA-3) 
        Ensure overriding methods are not unintended covariants due to parameter type differences (PB.CUB.IMC-3) 
        Ensure "static" "final" fields are immutable (PB.CUB.IMM-3) 
        Inspect "private" "static" fields which may have mistakenly been declared "static" (PB.CUB.ISF-3) 
        Use the method name 'main()' only for the entry point method (PB.CUB.MAIN-3) 
        Do not assume that a Java char fully represents a Unicode code point (PB.CUB.NCUCP-3) 
        Ensure overloaded methods in superclass are overridden when overriding a method in subclass (PB.CUB.OSM-3) 
        Avoid using "public static final" array fields (PB.CUB.PSFA-3) 
        Avoid referencing mutable fields (PB.CUB.RMO-3) 
        Do not use a "switch" statement with a bad "case" (PB.CUB.SBC-3) 
        Specify @Retention for annotation type declarations (PB.CUB.SRAD-3) 
        Parenthesize complex expressions in 'print()' or 'println()' statements (PB.CUB.STRCC-3) 
        Avoid type variable parameters when calling overloaded methods (PB.CUB.TVOM-3) 
        Do not call non-"final", non-"static" and non-"private" methods from constructors (PB.CUB.CTOR-4) 
        Avoid suspicious octal escapes (PB.CUB.OE-4) 
        Do not put code other than logging code inside logging blocks (PB.CUB.CILB-5) 
     [17/17]  Runtime Exceptions (PB.RE) 
        Do not add a collection to itself (PB.RE.ACTI-1) 
        Check whether or not "readLine()" returned null before dereferencing the return value (PB.RE.IDRL-1) 
        Avoid using methods add() from JLayer class (PB.RE.JLAY-1) 
        Avoid dereferencing null objects (PB.RE.PNPD-2) 
        When used HttpURLConnection always check return value from the getResponseCode() methods before call getInputStream() (PB.RE.RCODE-2) 
        Avoid modifying fixed-size Collections (PB.RE.AMFSL-3) 
        Avoid possible ArrayStoreExceptions (PB.RE.ASE-3) 
        Always check parameters before use in array access (PB.RE.CAI-3) 
        Check the return value of calls to 'String.indexOf()' before passing this value to other "String" methods (PB.RE.CIOR-3) 
        Ensure 'Iterator.next()' method implementations throw 'NoSuchElementException' (PB.RE.CTNSE-3) 
        Use the "fromIndex" argument of 'indexOf()' when necessary (PB.RE.IOSS-3) 
        Do not call 'String.equals(constant)' or 'String.equalsIgnoreCase(constant)' (PB.RE.ISEM-3) 
        Ensure that dereferenced variables match variables which were previously checked for "null" (PB.RE.NCMD-3) 
        Avoid calling the 'add()' method of a Queue (PB.RE.AQA-4) 
        Make sure the IllegalArgumentException message matches the code logic (PB.RE.IIAE-4) 
        Do not define direct or indirect subclasses of 'RuntimeException' (PB.RE.NXRE-4) 
        Avoid methods returning "null" value (PB.RE.VRNULL-4) 
    Unrestricted lock resource (PB.CLOSE-1) 
    Ensure that non-"void" methods have a return value other than empty arrays and "null" (PB.EAR-3) 
    Ensure that keys used in comparison operations are immutable (PB.IKICO-3) 
    Ensure that exactly one type has the same name as the file name (PB.OCSF-3) 
    Place "default" as the last case of the "switch" statement (PB.PDCL-3) 
    Provide "default:" for each "switch" statement (PB.PDS-3) 
    Include a 'case' statement for each constant of an 'enum' type in 'switch' statements (PB.NAECS-5) 
    Ensure that the type that has the same name as the file is declared "public" (PB.PCSF-5) 
 [72/72]  Payment Card Industry Data Security Standard 3.2 (PCIDSS32) 
     [14/14]  6.5.10 Broken authentication and session management (PCIDSS32.6510) 
        Avoid DNS lookups for decision making (PCIDSS32.6510.DNSL-1) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (PCIDSS32.6510.ISL-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (PCIDSS32.6510.PCCF-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (PCIDSS32.6510.PWDXML-1) 
        Ensure proper session expiration (PCIDSS32.6510.RUIM-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (PCIDSS32.6510.STTL-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (PCIDSS32.6510.UOSC-1) 
        Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files (PCIDSS32.6510.UPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (PCIDSS32.6510.WCPWD-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (PCIDSS32.6510.WPWD-1) 
        Protect against using unprotected credentials (PCIDSS32.6510.TDPASSWD-2) 
        Avoid using plain text passwords in Axis 'wsdd' files (PCIDSS32.6510.PTPT-3) 
        Avoid using plain text passwords in Axis2 configuration files (PCIDSS32.6510.UTAX-3) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (PCIDSS32.6510.HGRSI-4) 
     [11/11]  6.5.8 Improper access control (PCIDSS32.658) 
        Avoid using "SELECT *" in SQL queries (PCIDSS32.658.AUSS-1) 
        Keep all authentication methods centralized to enforce consistency (PCIDSS32.658.CAM-1) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (PCIDSS32.658.DSR-1) 
        Avoid EJB 3 methods without security annotations (PCIDSS32.658.PERMIT-1) 
        Ensure that an appropriate security manager is set (PCIDSS32.658.SSM-1) 
        Protect against File names injection (PCIDSS32.658.TDFNAMES-1) 
        Use the 'minlength' validator for password fields in 'validation.xml' (PCIDSS32.658.MLVP-2) 
        Avoid granting access permission for EJB methods to the 'ANYONE' role (PCIDSS32.658.DPANY-3) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (PCIDSS32.658.LCA-3) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (PCIDSS32.658.SRCD-3) 
        Ensure sufficient protection against multiple failed authentication attempts (PCIDSS32.658.PBFA-5) 
     [2/2]  6.5.9 Cross-site request forgery (CSRF) (PCIDSS32.659) 
        Encapsulate arguments of dangerous methods with a validation method (PCIDSS32.659.EACM-2) 
        Validate all dangerous data (PCIDSS32.659.VPPD-2) 
     [3/3]  6.5.7 Cross-site scripting (XSS) (PCIDSS32.657) 
        Canonicalize all data before validation (PCIDSS32.657.CDBV-1) 
        Protect against HTTP response splitting (PCIDSS32.657.TDRESP-1) 
        Protect against XSS vulnerabilities (PCIDSS32.657.TDXSS-1) 
     [6/6]  6.5.4 Insecure communications (PCIDSS32.654) 
        Do not log confidential or sensitive information (PCIDSS32.654.CONSEN-1) 
        Avoid using hard-coded cryptographic keys (PCIDSS32.654.HCCK-1) 
        MessageDigest objects must process the data with the 'update' method (PCIDSS32.654.MCMDU-1) 
        Initialize KeyGenerator instances (PCIDSS32.654.SIKG-1) 
        Use the SSL-enabled version of classes when possible (PCIDSS32.654.USC-3) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (PCIDSS32.654.HTTPS-5) 
     [11/11]  6.5.5 Improper error handling (PCIDSS32.655) 
        Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block (PCIDSS32.655.ARCF-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (PCIDSS32.655.PEO-1) 
        Prevent exposure of sensitive data (PCIDSS32.655.SENS-1) 
        Consistently check the returned value of non-void methods (PCIDSS32.655.CHECKRET-2) 
        Ensure all exceptions are either logged with a standard logger or rethrown (PCIDSS32.655.LGE-2) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (PCIDSS32.655.ACPST-3) 
        Avoid "try", "catch" and "finally" blocks with empty bodies (PCIDSS32.655.AECB-3) 
        Check the return value of methods which read or skip input (PCIDSS32.655.CRRV-3) 
        Always specify error pages in web.xml (PCIDSS32.655.SEP-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (PCIDSS32.655.SIO-3) 
        Catch all exceptions which may be thrown within Servlet methods (PCIDSS32.655.CETS-4) 
     [11/11]  6.5.3 Insecure cryptographic storage (PCIDSS32.653) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (PCIDSS32.653.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (PCIDSS32.653.AISSAXML-1) 
        Avoid using insecure algorithms for cryptography (PCIDSS32.653.ICA-1) 
        Use hash functions with a salt (PCIDSS32.653.MDSALT-1) 
        Avoid storing sensitive data in plaintext in a cookie (PCIDSS32.653.PLC-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (PCIDSS32.653.PWDPROP-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (PCIDSS32.653.SRD-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (PCIDSS32.653.AUNC-2) 
        Avoid using cryptographic keys which are too short (PCIDSS32.653.CKTS-2) 
        Password information should not be included in properties file in plaintext (PCIDSS32.653.PLAIN-2) 
        Avoid using custom MessageDigest implementations (PCIDSS32.653.ACMD-4) 
     [14/14]  6.5.1 Injection flaws (PCIDSS32.651) 
        Protect against Command injection (PCIDSS32.651.TDCMD-1) 
        Protect against Jakarta Digester injection (PCIDSS32.651.TDDIG-1) 
        Protect against Environment injection (PCIDSS32.651.TDENV-1) 
        Exclude unsanitized user input from format strings (PCIDSS32.651.TDINPUT-1) 
        Protect against JXPath injection (PCIDSS32.651.TDJXPATH-1) 
        Protect against LDAP injection (PCIDSS32.651.TDLDAP-1) 
        Protect against Reflection injection (PCIDSS32.651.TDRFL-1) 
        Protect against SQL injection (PCIDSS32.651.TDSQL-1) 
        Protect against XML data injection (PCIDSS32.651.TDXML-1) 
        Protect against XPath injection (PCIDSS32.651.TDXPATH-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (PCIDSS32.651.UPS-1) 
        Avoid XPath injection when evaluating XPath queries (PCIDSS32.651.XPIJ-1) 
        Protect against log forging (PCIDSS32.651.TDLOG-2) 
        Protect against network resource injection (PCIDSS32.651.TDNET-2) 
 [9/9]  Portability (PORT) 
    Do not use the non-portable 'System.getenv()' method (PORT.ENV-1) 
    Avoid calling 'Thread.setPriority()' (PORT.CTSP-3) 
    Do not hard code an absolute pathname when calling a constructor from the 'File' class (PORT.DNHCP-3) 
    Do not use "Runtime.exec()" (PORT.EXEC-3) 
    Do not hard-code IP addresses and port numbers (PORT.HCNA-3) 
    Do not hard code '\n' or '\r' as a line separator (PORT.LNSP-3) 
    Do not use user-defined "native" methods (PORT.NATV-3) 
    Do not use "java.awt.peer.*" interfaces directly (PORT.PEER-3) 
    Use "File.pathSeparator" or "File.pathSeparatorChar" instead of the corresponding literals (PORT.PSC-3) 
 [17/17]  Property Files (PROPS) 
    Avoid duplicated property names (PROPS.DUPN-1) 
    Avoid empty property names (PROPS.EMN-2) 
    Avoid hard-coded line separators in property values (PROPS.HCLS-2) 
    Avoid misusing arguments in property values (PROPS.IARG-2) 
    Avoid incomplete property entries (PROPS.ICK-2) 
    Avoid unmatched property entries in resources with different locales (PROPS.MENTRY-2) 
    Password information should not be included in properties file in plaintext (PROPS.PLAIN-2) 
    Avoid adding extra white spaces to the end of property values (PROPS.BSPV-3) 
    Avoid duplicated property values (PROPS.DUPV-3) 
    Avoid empty property values (PROPS.EMV-3) 
    Always use the '=' operator (PROPS.EQOP-3) 
    Follow the limit for number of property entries (PROPS.FM-3) 
    Avoid misusing the line continuation character '\' (PROPS.IVCC-3) 
    Avoid splitting property names into multiple lines (PROPS.MLN-3) 
    Use a naming convention for property names (PROPS.NAME-3) 
    Avoid misspelling words in comments and property values (PROPS.SPELL-3) 
    Ensure that property entries are localized correctly (PROPS.TENTRY-3) 
 [174/175]  Security (SECURITY) 
     [38/38]  Unsafe Environment Configuration (SECURITY.UEC) 
        Avoid defining multiple security roles with the same name in 'web.xml' files (SECURITY.UEC.DSR-1) 
        Ensure that each filter mapped in a 'web.xml' file has a corresponding definition (SECURITY.UEC.FMCD-1) 
        Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files (SECURITY.UEC.PCCF-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (SECURITY.UEC.PWDPROP-1) 
        Ensure that passwords are not stored as plaintext and are sufficiently long (SECURITY.UEC.PWDXML-1) 
        Ensure that sessions are configured to time out in 'web.xml' files (SECURITY.UEC.STTL-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCPWD-1) 
        Ensure all web content directories have a "welcome file" (SECURITY.UEC.WELC-1) 
        Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WMWS-1) 
        Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WPWD-1) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCMI-2) 
        Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WMC-2) 
        Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WMI-2) 
        Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files (SECURITY.UEC.ADS-3) 
        Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files (SECURITY.UEC.AELQ-3) 
        Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files (SECURITY.UEC.DSL-3) 
        Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files (SECURITY.UEC.EDAR-3) 
        Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files (SECURITY.UEC.ISOS-3) 
        Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files (SECURITY.UEC.LCA-3) 
        Avoid using plain text passwords in Axis 'wsdd' files (SECURITY.UEC.PTPT-3) 
        Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files (SECURITY.UEC.RAJ-3) 
        Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files (SECURITY.UEC.SDAR-3) 
        Always specify error pages in web.xml (SECURITY.UEC.SEP-3) 
        Ensure Session-ID Length is sufficient (SECURITY.UEC.SLID-3) 
        Avoid using the SOAP Monitor module (SECURITY.UEC.SMM-3) 
        Ensure that each security role referenced in a 'web.xml' file has a corresponding definition (SECURITY.UEC.SRCD-3) 
        Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files (SECURITY.UEC.TDAR-3) 
        Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files (SECURITY.UEC.UDC-3) 
        Avoid using plain text passwords in Axis2 configuration files (SECURITY.UEC.UTAX-3) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCMT-3) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files (SECURITY.UEC.WCUTS-3) 
        Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WMT-3) 
        Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files (SECURITY.UEC.WSS-3) 
        Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files (SECURITY.UEC.WUTS-3) 
        Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files (SECURITY.UEC.HTTPS-5) 
        Ensure that "REST" is disabled in 'axis2.xml' configuration files (SECURITY.UEC.REST-5) 
     [2/2]  Unsafe Error Handling and Logging (SECURITY.UEHL) 
        Avoid untrusted input when logging messages with Seam Logging API (SECURITY.UEHL.DCEMSL-1) 
        Ensure all exceptions are either logged with a standard logger or rethrown (SECURITY.UEHL.LGE-2) 
     [14/14]  Input-Based Attacks (SECURITY.IBA) 
        Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm' (SECURITY.IBA.AEAF-1) 
        Avoid using "SELECT *" in SQL queries (SECURITY.IBA.AUSS-1) 
        Canonicalize all data before validation (SECURITY.IBA.CDBV-1) 
        Always call 'super.validate()' from validation methods in 'ActionForm' classes (SECURITY.IBA.CSVFV-1) 
        Ensure proper session expiration (SECURITY.IBA.RUIM-1) 
        Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' (SECURITY.IBA.UPS-1) 
        Avoid XPath injection when evaluating XPath queries (SECURITY.IBA.XPIJ-1) 
        Avoid parsing untrusted data with XMLDecoder (SECURITY.IBA.AUXD-2) 
        Disable XML external entity injection (SECURITY.IBA.DXXE-2) 
        Encapsulate constructor arguments with a validation function (SECURITY.IBA.EDPM-2) 
        Disable LDAP deserialization (SECURITY.IBA.SC-2) 
        Encapsulate all redirect and forward URLs with a validation function (SECURITY.IBA.VRD-2) 
        Avoid temporary files (SECURITY.IBA.ATF-3) 
        Use wrapper methods to secure native methods (SECURITY.IBA.NATIW-3) 
     [1/1]  Deadlocks and Race Conditions (SECURITY.DRC) 
        Do not use threads in web components (SECURITY.DRC.THR-3) 
     [81/81]  Weak Security Controls (SECURITY.WSC) 
        Avoid hard-coding the arguments to certain methods (SECURITY.WSC.AHCA-1) 
        Avoid using insecure cryptographic algorithms for data encryption with Spring (SECURITY.WSC.AISSAJAVA-1) 
        Avoid using insecure cryptographic algorithms in Spring XML configurations (SECURITY.WSC.AISSAXML-1) 
        Process XML and HTML with a library instead of raw text (SECURITY.WSC.ARXML-1) 
        Keep all access control methods centralized to enforce consistency (SECURITY.WSC.CACM-1) 
        Keep all authentication methods centralized to enforce consistency (SECURITY.WSC.CAM-1) 
        Always clone array parameters which are stored to fields (SECURITY.WSC.CAP-1) 
        Avoid using the DriverManagerDataSource class in production code (SECURITY.WSC.DMDS-1) 
        Avoid DNS lookups for decision making (SECURITY.WSC.DNSL-1) 
        Avoid debug information from Spring Security framework to logs (SECURITY.WSC.EWSSEC-1) 
        Ensure that Secure Processing is used (SECURITY.WSC.FXMLP-1) 
        Avoid using hard-coded cryptographic keys (SECURITY.WSC.HCCK-1) 
        Avoid passing hardcoded usernames/passwords/URLs to database connection methods (SECURITY.WSC.HCCS-1) 
        Ensure the HostnameVerifier.verify() method validates the certificate (SECURITY.WSC.HV-1) 
        Avoid using insecure algorithms for cryptography (SECURITY.WSC.ICA-1) 
        Always call 'HttpSession.invalidate()' before 'LoginContext.login()' (SECURITY.WSC.ISL-1) 
        MessageDigest objects must process the data with the 'update' method (SECURITY.WSC.MCMDU-1) 
        Use hash functions with a salt (SECURITY.WSC.MDSALT-1) 
        Call authentication methods to enforce consistency (SECURITY.WSC.PAC-1) 
        Call access control methods to enforce consistency (SECURITY.WSC.PACC-1) 
        Always specify absolute paths to execute commands (SECURITY.WSC.PBRTE-1) 
        Enforce 'SecurityManager' checks before setting or getting fields (SECURITY.WSC.SCF-1) 
        Enforce 'SecurityManager' checks in methods of 'Cloneable' classes (SECURITY.WSC.SCLONE-1) 
        Enforce 'SecurityManager' checks in methods of 'Serializable' classes (SECURITY.WSC.SCSER-1) 
        Ensure 'SecurityManager' check in constructor of "public" non-"final" sensitive type (SECURITY.WSC.SCSM-1) 
        Initialize KeyGenerator instances (SECURITY.WSC.SIKG-1) 
        Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' (SECURITY.WSC.SRD-1) 
        Ensure that an appropriate security manager is set (SECURITY.WSC.SSM-1) 
        Do not call 'System.setProperty()' in a web component (SECURITY.WSC.SSP-1) 
        Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies (SECURITY.WSC.UOSC-1) 
        Always verify JarFile signatures (SECURITY.WSC.VJFS-1) 
        Inspect usage of scripting API (SECURITY.WSC.ZOIS-1) 
        Avoid using the javax.crypto.NullCipher class in non-test classes (SECURITY.WSC.AUNC-2) 
        Avoid using cryptographic keys which are too short (SECURITY.WSC.CKTS-2) 
        Ensure arguments passed to certain methods come from predefined methods list (SECURITY.WSC.ENPP-2) 
        Avoid non-random "byte[]" when using IvParameterSpec (SECURITY.WSC.IVR-2) 
        Mark cookies as HttpOnly (SECURITY.WSC.SCHTTP-2) 
        Avoid 'main()' methods because they may allow unauthorized access to classes (SECURITY.WSC.UMAIN-2) 
        Properly validate server identity (SECURITY.WSC.VSI-2) 
        Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()" (SECURITY.WSC.ACDP-3) 
        Do not call the 'printStackTrace()' method of "Throwable" objects (SECURITY.WSC.ACPST-3) 
        Avoid constructors and overriding methods which are more accessible than those of their super classes (SECURITY.WSC.AMA-3) 
        Inspect usage of standard API calls that bypass security (SECURITY.WSC.APIBS-3) 
        Prevent the scripting API from executing untrusted code (SECURITY.WSC.ASAPI-3) 
        Do not use inner classes (SECURITY.WSC.AUIC-3) 
        Allow only certain providers to be specified for the 'Security.addProvider()' method (SECURITY.WSC.BP-3) 
        Prevent external processes from blocking on output or error streams (SECURITY.WSC.BUSSB-3) 
        Only call "final" methods from specified code blocks in non-"final" classes (SECURITY.WSC.CFM-3) 
        Only "clone()" instances of "final" classes (SECURITY.WSC.CIFC-3) 
        Do not define custom class loaders (SECURITY.WSC.CL-3) 
        Do not pass mutable objects to 'ObjectOutputStream' in the 'writeObject()' method (SECURITY.WSC.CMO-3) 
        Do not define custom 'SecurityManager's (SECURITY.WSC.DCSM-3) 
        Do not rely on IP addresses obtained from HTTP request headers for authentication (SECURITY.WSC.HTTPRHA-3) 
        Make all member classes "private" (SECURITY.WSC.INNER-3) 
        Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final" (SECURITY.WSC.PAF-3) 
        Declare subclasses of 'Permission' and 'BasicPermission' "final" (SECURITY.WSC.PBPSF-3) 
        Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package (SECURITY.WSC.PPKG-3) 
        Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final" (SECURITY.WSC.PRMF-3) 
        Do not declare fields as "public" "static" "final" 'Collection' or 'Map' objects (SECURITY.WSC.PSFC-3) 
        Avoid string literals except in constant declarations and calls to System.out or System.err's 'print' or 'println' methods (SECURITY.WSC.SL-3) 
        Ensure 'SecurityManager' checks before 'Socket' transfers or retrievals (SECURITY.WSC.SMSTR-3) 
        Do not use sockets in web components (SECURITY.WSC.SS-3) 
        Use library methods for string replacements of special characters in HTML and XML (SECURITY.WSC.STREP-3) 
        Use the SSL-enabled version of classes when possible (SECURITY.WSC.USC-3) 
        Use wrapper methods instead of calling dangerous or problematic methods directly (custom rule) (SECURITY.WSC.UWM-3) 
        Avoid using custom MessageDigest implementations (SECURITY.WSC.ACMD-4) 
        Do not override any 'ClassLoader' method except 'findClass()' (SECURITY.WSC.CLO-4) 
        Make your 'clone()' method "final" for security (SECURITY.WSC.CLONE-4) 
        Make immutable classes final (SECURITY.WSC.FIMU-4) 
        Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class (SECURITY.WSC.HGRSI-4) 
        Defend against partially initialized instances of non-final classes (SECURITY.WSC.INIVF-4) 
        Restrict cross-origin resource sharing to secure origins (SECURITY.WSC.JXCORS-4) 
        Validate shortcut target paths before use (SECURITY.WSC.LNK-4) 
        Inspect instantiations of 'ClassLoader' objects (SECURITY.WSC.CLI-5) 
        Make your classes nondeserializeable (SECURITY.WSC.DSER-5) 
        Ensure that file target paths retrieved by resolving symbolic links are safe (SECURITY.WSC.FOLLOW-5) 
        Avoid setting the write or execute file permissions to unintended users (SECURITY.WSC.IDP-5) 
        Make your classes noncloneable (SECURITY.WSC.MCNC-5) 
        Ensure sufficient protection against multiple failed authentication attempts (SECURITY.WSC.PBFA-5) 
        Inspect 'Random' objects or 'Math.random()' methods that could indicate areas where malicious code has been placed (SECURITY.WSC.RDM-5) 
        Make your classes nonserializeable (SECURITY.WSC.SER-5) 
     [11/11]  Backdoor Vulnerabilities (SECURITY.BV) 
        Do not set custom security managers outside of the 'main' method (SECURITY.BV.DSSM-1) 
        Do not access or set System properties (SECURITY.BV.SYSP-2) 
        Do not access the class loader in a web component (SECURITY.BV.ACL-3) 
        Use "read-only" AccessMode for Castor queries (SECURITY.BV.CQRO-3) 
        Ensure all sensitive method invocations are logged (SECURITY.BV.ENFL-3) 
        Do not call 'Socket.setSocketImplFactory()' or 'URL.setURLStreamHandlerFactory()' in a web component (SECURITY.BV.NSF-3) 
        Wrap "privileged" method invocations in "final" methods (SECURITY.BV.PCFM-3) 
        Wrap "privileged" method invocations in "private" methods (SECURITY.BV.PCPM-3) 
        Avoid using dynamically loaded classes in "privileged" code blocks (SECURITY.BV.PDLC-3) 
        Inspect usage of 'Date', 'Time' objects and 'System.currentTimeMillis()' method invocations (SECURITY.BV.ADT-5) 
        Inspect usage of 'getName()' from 'java.lang.Class' object (SECURITY.BV.AUG-5) 
     [14/14]  Erratic Application Behavior (SECURITY.EAB) 
        Do not use AWT classes in Web components (SECURITY.EAB.AWT-1) 
        Do not compare Class objects by name (SECURITY.EAB.CMP-1) 
        Do not stop the JVM in a web component (SECURITY.EAB.JVM-1) 
        Do not pass byte arrays to ObjectOutputStream in the 'writeObject()' method (SECURITY.EAB.CBA-3) 
        Enforce returning a defensive copy in 'clone()' methods (SECURITY.EAB.CPCL-3) 
        Do not pass user-given mutable objects directly to certain types (SECURITY.EAB.MPT-3) 
        Do not declare "static" fields in web components (SECURITY.EAB.SF-3) 
        Do not change the input streams of 'java.lang.System' in a web component (SECURITY.EAB.SIS-3) 
        Do not store user-given mutable objects directly into variables (SECURITY.EAB.SMO-3) 
        Inspect 'static' fields which may have intended to be declared 'static final' (SECURITY.EAB.SPFF-3) 
        Avoid calling specified methods from web components and EJBs (SECURITY.EAB.ACWC-4) 
        Limit the number of "AccessController.doPrivileged" calls per class (SECURITY.EAB.LDP-4) 
        Limit the number of lines in "privileged" code blocks (SECURITY.EAB.PCL-4) 
        Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes (SECURITY.EAB.OROM-5) 
     [13/14]  Exposing Sensitive Data (SECURITY.ESD) 
        Do not log confidential or sensitive information (SECURITY.ESD.CONSEN-1) 
        Do not pass exception messages into output in order to prevent the application from leaking sensitive information (SECURITY.ESD.PEO-1) 
        Avoid storing sensitive data in plaintext in a cookie (SECURITY.ESD.PLC-1) 
        Inspect instance fields of serializable objects to make sure they will not expose sensitive information (SECURITY.ESD.SIF-1) 
        Do not interrogate or modify security policy information in a web component (SECURITY.ESD.SPI-1) 
        Declare "transient" fields "private" (SECURITY.ESD.TFP-1) 
        Avoid "transient" fields in serialPersistentFields array (SECURITY.ESD.TSPF-2) 
        Clear sensitive data after use (SECURITY.ESD.CSD-3) 
        Avoid methods that might expose internal representations by returning arrays or other mutable fields (SECURITY.ESD.RA-3) 
        Store sensitive data in mutable objects (SECURITY.ESD.SDM-3) 
        Avoid calling print methods of 'System.err' or 'System.out' (SECURITY.ESD.SIO-3) 
        Do not expose data with a 'FileNotFound' exception (SECURITY.ESD.SNFD-3) 
        Avoid writing to Consoles (SECURITY.ESD.ACW-5) 
 [18/18]  Serialization (SERIAL) 
    Avoid classes that implement 'Externalizable' but do not define a no-argument constructor (SERIAL.ENNAC-1) 
    Ensure the return type of 'readResolve()' and 'writeReplace()' methods are 'java.lang.Object' (SERIAL.MRWD-1) 
    Ensure outer class is serializable if its inner class is serializable (SERIAL.OC-1) 
    Ensure that the 'readObject()' and 'writeObject()' methods have the correct signature (SERIAL.ROWO-1) 
    Avoid serializable classes that extend a superclass without a zero-argument constructor (SERIAL.SNNAC-1) 
    Do not store non-serializable objects as HttpSession attributes (SERIAL.SNSO-1) 
    Ensure Serializable classes are correct (SERIAL.NSFSC-2) 
    Declare 'serialPersistentFields' "private static final" (SERIAL.SPF-2) 
    Create a 'serialVersionUID' for all 'Serializable' classes (SERIAL.DUID-3) 
    Implement Externalizable instead of Serializable (SERIAL.EZEE-3) 
    Avoid declaring "transient" fields in non-serializable classes (SERIAL.FT-3) 
    Avoid re-initializing fields in the 'readExternal()' method of 'Externalizable' classes (SERIAL.IRX-3) 
    Define a "readResolve" method for all instances of Serializable types (SERIAL.RRSC-3) 
    Ensure that all fields are assigned by the 'readObject()' method and written out by the 'writeObject()' method (SERIAL.RWAF-3) 
    Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents (SERIAL.SCBNP-3) 
    Do not declare SerialVersionUID in classes that do not implement Serializable (SERIAL.SRLZ-3) 
    Do not declare the 'readObject()' method as "synchronized" (SERIAL.SROS-3) 
    Validate objects before deserialization (SERIAL.VOBD-3) 
 [17/17]  Servlets (SERVLET) 
    Do not define instance fields in Servlet classes (SERVLET.IF-1) 
    Declare a "public" constructor that takes no parameters (SERVLET.MDC-1) 
    Avoid multiple '<servlet>' elements with the same '<servlet-name>' in a 'web.xml' file (SERVLET.DSN-2) 
    Do not use static variables in servlets without synchronization (SERVLET.NSSS-2) 
    Ensure that all servlets have a corresponding mapping in 'web.xml' files (SERVLET.SCM-2) 
    Ensure that all '<servlet>' elements contain a single non-empty '<servlet-name>' element in 'web.xml' files (SERVLET.SSN-2) 
    Minimize synchronization in Servlets (SERVLET.SYN-2) 
    Use a Context Object to manage HTTP request parameters (SERVLET.UCO-2) 
    Do not use JDBC code in Servlet classes (SERVLET.AJDBC-3) 
    Do not use 'java.beans.Beans.instantiate()' (SERVLET.BINS-3) 
    Avoid using collections without size limit in servlets (SERVLET.LML-3) 
    Follow a limit for the number of mappings for each servlet in a 'web.xml' file (SERVLET.NMS-3) 
    Specify an appropriate schema or DTD file for 'web.xml' files (SERVLET.SDTD-3) 
    Minimize usage of System.out and System.err in Servlets (SERVLET.SOP-3) 
    Do not use 'SingleThreadModel' in Servlet classes (SERVLET.STM-3) 
    Catch all exceptions which may be thrown within Servlet methods (SERVLET.CETS-4) 
    Do not create static variables in a servlet (SERVLET.NSIS-5) 
 [14/14]  Spring Framework (SPRING) 
    Follow configuration class conventions (SPRING.ATCFG-2) 
    Do not disable CSRF protection (SPRING.DCSRFJAVA-2) 
    Do not disable CSRF protection (SPRING.DCSRFXML-2) 
    Ensure that methods annotated with @RequestMapping specify the HTTP request method they call (SPRING.REQMAP-2) 
    Avoid constructor injection (SPRING.ACARG-3) 
    Use ''description'' tag in configuration file headers (SPRING.DESC-3) 
    Avoid using ''name'' and ''id'' simultaneously (SPRING.IDNAME-3) 
    Avoid using relative ''../'' path reference to parent files (SPRING.IMPORTSRES-3) 
    Avoid using native JDBC (SPRING.JDBCTEMPLATE-3) 
    Use ''local'' property attribute in local scope (SPRING.LOCAL-3) 
    Follow convention for bean properties (SPRING.PROPLIMIT-3) 
    Use naming conventions for spring beans (SPRING.SPRNAM-3) 
    Use ids as bean identifiers (SPRING.USEID-3) 
    Prefer ''type'' over ''index'' for constructor argument matching (SPRING.PREFTYPE-4) 
 [30/30]  Struts Framework (STRUTS) 
     [4/4]  Struts 2 (STRUTS.STRUTS2) 
        Avoid duplicated field validators (STRUTS.STRUTS2.S2DAFV-3) 
        Avoid duplicated validators (STRUTS.STRUTS2.S2DV-3) 
        Avoid duplicated validation files (STRUTS.STRUTS2.S2DVF-3) 
        Ensure each validation file has a corresponding Action (STRUTS.STRUTS2.S2NA-3) 
    Avoid accessing a database from Action Classes (STRUTS.ACDA-1) 
    Specify an @input attribute if '<action>' element has validation in 'struts-config.xml' files (STRUTS.AIV-1) 
    Specify a '<form-bean>' for each named '<action>' element in 'struts-config.xml' files (STRUTS.AMFB-1) 
    Avoid duplicated forms in the 'validation.xml' (STRUTS.DFV-1) 
    Specify a non-empty name and path for each '<forward>' element in 'struts-config.xml' files (STRUTS.FWD-1) 
    Do not declare instance variables in Struts Action classes (STRUTS.INST-1) 
    Specify a name and type for each form bean in 'struts-config.xml' files (STRUTS.NTFB-1) 
    Ensure Plugins are added in the 'struts-config.xml' (STRUTS.PLUGIN-1) 
    Specify a valid 'type' attribute for each '<form-property>' element in 'struts-config.xml' files (STRUTS.TAFP-1) 
    Avoid defining multiple form beans with the same name in 'struts-config.xml' files (STRUTS.MFBSN-2) 
    Use the 'minlength' validator for password fields in 'validation.xml' (STRUTS.MLVP-2) 
    Ensure that the @path attribute of '<action>' and '<forward>' elements begins with '/' in 'struts-config.xml' files (STRUTS.PFS-2) 
    Ensure that the 'scope' attribute is set to either "request" or "session" for actions and exceptions in 'struts-config.xml' files (STRUTS.RSS-2) 
    Avoid accessing a JSP page from Action Classes (STRUTS.ACJC-3) 
    Avoid @prefix, @suffix, and @attribute for unnamed '<action>' elements in 'struts-config.xml' (STRUTS.APSN-3) 
    Avoid using relative paths for attributes in 'struts-config.xml' files (STRUTS.ARP-3) 
    Ensure validators are enabled in the 'struts-config.xml' (STRUTS.EV-3) 
    Provide an appropriate getter and setter method for each field in a form bean (STRUTS.FIELDS-3) 
    Avoid calling methods of Action Classes (STRUTS.IACM-3) 
    Avoid public methods in Action Classes (STRUTS.PMAC-3) 
    Specify a non-empty path and type for each '<exception>' element in 'struts-config.xml' files (STRUTS.PTE-3) 
    Use a Struts DTD for validation in 'struts-config.xml' files (STRUTS.SCDTD-3) 
    Enable the Struts Validator plug-in in all 'struts-config.xml' files (STRUTS.VPI-3) 
    Avoid local and global forwards with the same name in 'struts-config.xml' files (STRUTS.DLGF-4) 
    Include only getter and setter methods in form beans (STRUTS.FORM-4) 
    Specify a valid 'maxlength' value for each form field in Struts validation files (STRUTS.MLFF-4) 
 [52/52]  Threads & Synchronization (TRS) 
    Do not cause deadlocks by calling a "synchronized" method from a "synchronized" method (TRS.CSFS-1) 
    Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable' (TRS.IRUN-1) 
    Release Locks in a "finally" block (TRS.RLF-1) 
    Do not synchronize on constant Strings (TRS.SCS-1) 
    Manually synchronize on 'synchronized' collections when iterating over them (TRS.SSCI-1) 
    Call 'wait()' and 'await()' only inside a loop that tests the liveness condition (TRS.UWIL-1) 
    Do not use variables of the unsafe type 'java.lang.ThreadGroup' (TRS.AUTG-2) 
    Do not call the "start" method of threads from inside a constructor (TRS.CSTART-2) 
    Avoid unsafe implementations of the "double-checked locking" pattern (TRS.DCL-2) 
    Do not catch 'IllegalMonitorStateException' since this exception likely indicates a design flaw (TRS.IMSE-2) 
    Ensure that nested locks are ordered correctly (TRS.LORD-2) 
    Do not mix "static" and non-"static" "synchronized" methods (TRS.SNSM-2) 
    Do not synchronize on "public" fields since doing so may cause deadlocks (TRS.SOPF-2) 
    Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime' (TRS.THRD-2) 
    Do not call 'Thread.sleep()' while holding a lock since doing so can cause poor performance and deadlocks (TRS.TSHL-2) 
    Do not use 'notify()'; use 'notifyAll()' instead so that all waiting threads will be notified (TRS.ANF-3) 
    Avoid accidental use of "Thread.interrupted()" (TRS.ATI-3) 
    Do not use 'Thread.yield()' because it may behave differently under different Virtual Machines (TRS.AUTY-3) 
    Avoid invoking methods using "static" 'Calendar', 'DateFormat', or 'SimpleDateFormat' (TRS.CDF-3) 
    Use ConcurrentLinkedQueue instead of Vector and synchronizedList when possible (TRS.CLQ-3) 
    Avoid compound synchronized collection accesses which violate atomicity (TRS.CMA-3) 
    Do not let "this" reference escape during construction (TRS.CTRE-3) 
    Do not use DiscardOldestPolicy with PriorityBlockingQueue (TRS.DOPQ-3) 
    Inspect accesses to "static" fields which may require synchronization (TRS.IASF-3) 
    Make lazy initializations thread-safe (TRS.ILI-3) 
    Implement Runnable instead of extending Thread (TRS.IRET-3) 
    Give subclasses of Thread a 'run()' method so they can run as separate threads (TRS.MRUN-3) 
    Ensure threads are named (TRS.NAME-3) 
    Ensure 'wait()', 'notify()' and 'notifyAll()' are invoked on an object that is clearly synchronized in its enclosing mod scope (TRS.NSYN-3) 
    Avoid overriding synchronized methods with non-synchronized methods (TRS.OSNS-3) 
    Do not synchronize on the class object returned by the 'getClass' method (TRS.SGC-3) 
    Do not perform synchronization using the "synchronized" keyword on implementations of "java.util.concurrent.locks.Lock" (TRS.SOL-3) 
    Do not synchronize on non-"final" fields since doing so makes it difficult to guarantee mutual exclusion (TRS.SOUF-3) 
    Synchronize access to "static" SimpleDataFormats (TRS.SSDF-3) 
    Make the get method for a field synchronized if the set method is synchronized (TRS.SSUG-3) 
    Do not perform synchronization nor call semaphore methods on an Object's 'this' reference (TRS.STR-3) 
    Avoid unsynchronized accesses of "Collections.synchronized" wrapped Collections (TRS.UACS-3) 
    Use unsynchronized Collections/Maps only when safe (TRS.UCM-3) 
    Use the same locking object to access variables (TRS.USL-3) 
    Do not start a thread without specifying a 'run()' method (TRS.UT-3) 
    Use 'wait()' and 'notifyAll()' instead of polling loops (TRS.UWNA-3) 
    Use the correct method calls on "java.util.concurrent.locks.Condition" objects (TRS.WOC-3) 
    Do not make the "writeObject()" method synchronized if no other method is synchronized (TRS.WOS-3) 
    Do not use Atomic variables when always accessed in synchronized manner (TRS.AIL-4) 
    Do not catch InterruptedException except in classes extending Thread (TRS.CIET-4) 
    Do not use "getState" except for debugging purposes (TRS.GSD-4) 
    Do not call the 'start()' method directly on Thread class instances (TRS.ISTART-4) 
    Access related Atomic variables in a synchronized block (TRS.MRAV-4) 
    Do not synchronize on a collection view if the backing collection is accessible (TRS.SOBC-4) 
    Use ConcurrentHashMap instead of Hashtable and "synchronizedMap" wrapped HashMap when possible (TRS.CHM-5) 
    Use "synchronized" blocks instead of making the whole method declaration "synchronized" (TRS.NSM-5) 
    Use synchronization on methods that implement 'Runnable.run()' (TRS.RUN-5) 
 [28/28]  Unused Code (UC) 
    Avoid unused "import" statements (UC.UIMPORT-2) 
    Avoid unnecessary modifiers in an "interface" (UC.AAI-3) 
    Remove commented out Java code (UC.ACC-3) 
    Ensure that classes do not explicitly extend 'java.lang.Object' (UC.AEEO-3) 
    Avoid empty static and non-static initializers (UC.AESTAT-3) 
    Do not override "abstract" methods of a parent class with "abstract" methods (UC.AMAMI-3) 
    Avoid unused labels (UC.AUL-3) 
    Avoid collection objects that are never read (UC.AURCO-3) 
    Avoid local variables that are never read (UC.AURV-3) 
    Avoid unnecessary "boolean" comparisons (UC.BCMP-3) 
    Avoid duplicate code in 'if' branches (UC.DIEB-3) 
    Do not explicitly "import" the java.lang.* "package" (UC.DIL-3) 
    Avoid empty "finalize()" methods (UC.EF-3) 
    Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method (UC.FCSF-3) 
    Avoid redundant "final" keywords in method declarations in "final" classes (UC.FMFC-3) 
    Avoid unused "private" fields (UC.PF-3) 
    Avoid unused "private" methods (UC.PM-3) 
    Avoid redundant 'static' keywords in enum type declarations (UC.RSKE-3) 
    Avoid empty "synchronized" statements (UC.SNE-3) 
    Use a caught exception in the "catch" block (UC.UCATCH-3) 
    Avoid unnecessary 'if' statements (UC.UCIF-3) 
    Avoid unnecessary "else" statements (UC.UES-3) 
    Avoid unused parameters (UC.UP-3) 
    Avoid unused "private" classes or interfaces (UC.UPC-3) 
    Avoid unnecessary "return" statement at the end of "void" methods (UC.VR-3) 
    Avoid redundant throw clauses (UC.ARTD-4) 
    Do not import classes from the package that contains the current class (UC.PIMPORT-4) 
    Avoid methods that only call the overridden implementation (superclass implementation) (UC.SO-4) 
 [3/3]  XML Development (XML) 
    Ensure that classes have a "public" constructor with zero arguments (XML.IVCC-1) 
    Ensure that XML files are well-formatted (XML.WF-1) 
    Avoid debug levels which are too high in Tomcat's 'server.xml' (XML.DLTH-3) 

Metrics Summary
  Expand All   Collapse All   Back to Top    
Metric name Number of items Average Std. Deviation Maximum Minimum
    + Coupling Between Objects (METRIC.CBO) 68 0.588 1.003 4 0
            com.parasoft:parabank 68 0.588 1.003 4 0

      + McCabe Cyclomatic Complexity (METRIC.CC) 389 1.213 0.926 9 1
              com.parasoft:parabank 389 1.213 0.926 9 1

        + Comment/Logical Lines in Files (METRIC.CLLOCRIF) 51 0.924 1.861 10.167 0
                com.parasoft:parabank 51 0.924 1.861 10.167 0

          + Comment/Logical Lines in Methods (METRIC.CLLOCRIM) 304 0.618 2.367 16 0
                  com.parasoft:parabank 304 0.618 2.367 16 0

            + Comment/Logical Lines in Types (METRIC.CLLOCRIT) 51 0.892 1.865 10.167 0
                    com.parasoft:parabank 51 0.892 1.865 10.167 0

              + Depth of Nested 'if' Statements (METRIC.DIF) 389 0.105 0.432 3 0
                      com.parasoft:parabank 389 0.105 0.432 3 0

                + Essential Cyclomatic Complexity (METRIC.ECC) 389 1.095 0.563 6 1
                        com.parasoft:parabank 389 1.095 0.563 6 1

                  + Fan Out (METRIC.FO) 67 1.269 1.356 7 0
                          com.parasoft:parabank 67 1.269 1.356 7 0

                    + Halstead Difficulty (METRIC.HDIFM) 389 3.399 3.681 33.611 0.5
                            com.parasoft:parabank 389 3.399 3.681 33.611 0.5

                      + Halstead Effort (METRIC.HEFM) 389 1477.814 10658.517 145630.254 2.377
                              com.parasoft:parabank 389 1477.814 10658.517 145630.254 2.377

                        + Halstead Intelligent Content (METRIC.HICM) 389 16.73 15.586 128.91 5.333
                                com.parasoft:parabank 389 16.73 15.586 128.91 5.333

                          + Halstead Program Length (METRIC.HLENM) 389 20.111 54.081 617 3
                                  com.parasoft:parabank 389 20.111 54.081 617 3

                            + Halstead Program Level (METRIC.HLEVM) 389 0.538 0.459 2 0.03
                                    com.parasoft:parabank 389 0.538 0.459 2 0.03

                              + Halstead Number of Bugs (METRIC.HNOBM) 389 0.02 0.077 0.923 0.001
                                      com.parasoft:parabank 389 0.02 0.077 0.923 0.001

                                + Halstead Time to Program (METRIC.HTTPM) 389 82.101 592.14 8090.57 0.132
                                        com.parasoft:parabank 389 82.101 592.14 8090.57 0.132

                                  + Halstead Program Vocabulary (METRIC.HVOCM) 389 11.365 13.259 130 3
                                          com.parasoft:parabank 389 11.365 13.259 130 3

                                    + Halstead Program Volume (METRIC.HVOLM) 389 94.609 368.017 4332.801 4.755
                                            com.parasoft:parabank 389 94.609 368.017 4332.801 4.755

                                      + Inheritance Depth of Class (METRIC.IDOC) 47 1.34 0.593 3 1
                                              com.parasoft:parabank 47 1.34 0.593 3 1

                                        + Lack of Cohesion (METRIC.LCOM) 68 0.326 0.359 0.933 0
                                                com.parasoft:parabank 68 0.326 0.359 0.933 0

                                          + Modified Cyclomatic Complexity (METRIC.MCC) 389 1.213 0.926 9 1
                                                  com.parasoft:parabank 389 1.213 0.926 9 1

                                            + Maintainability Index (METRIC.MI) 47 136.184 17.363 174.358 78.448
                                                    com.parasoft:parabank 47 136.184 17.363 174.358 78.448

                                              + Nested Blocks Depth (METRIC.NBD) 389 0.131 0.556 4 0
                                                      com.parasoft:parabank 389 0.131 0.556 4 0

                                                + Blank Lines in Files (METRIC.NOBLIF) 67 9.91 7.951 42 1
                                                        com.parasoft:parabank 67 9.91 7.951 42 1

                                                  + Blank Lines in Methods (METRIC.NOBLIM) 389 0.072 0.839 12 0
                                                          com.parasoft:parabank 389 0.072 0.839 12 0

                                                    + Blank Lines in Types (METRIC.NOBLIT) 68 7.75 7.984 41 0
                                                            com.parasoft:parabank 68 7.75 7.984 41 0

                                                      + Number of Classes (METRIC.NOC) 47 1 0 1 1
                                                              com.parasoft:parabank 47 1 0 1 1

                                                        + Comment Lines in Files (METRIC.NOCLIF) 67 14.418 27.129 173 0
                                                                com.parasoft:parabank 67 14.418 27.129 173 0

                                                          + Comment Lines in Methods (METRIC.NOCLIM) 389 1.925 3.464 16 0
                                                                  com.parasoft:parabank 389 1.925 3.464 16 0

                                                            + Comment Lines in Types (METRIC.NOCLIT) 68 14.029 27.032 173 0
                                                                    com.parasoft:parabank 68 14.029 27.032 173 0

                                                              + Number of Files (METRIC.NOF) 67 1 0 1 1
                                                                      com.parasoft:parabank 67 1 0 1 1

                                                                + Logical Lines in Files (METRIC.NOLLOCIF) 67 12.91 21.88 116 0
                                                                        com.parasoft:parabank 67 12.91 21.88 116 0

                                                                  + Logical Lines in Methods (METRIC.NOLLOCIM) 389 1.856 4.542 48 0
                                                                          com.parasoft:parabank 389 1.856 4.542 48 0

                                                                    + Logical Lines in Types (METRIC.NOLLOCIT) 68 12.721 21.774 116 0
                                                                            com.parasoft:parabank 68 12.721 21.774 116 0

                                                                      + Method Calls in Methods (METRIC.NOMCIM) 389 1.165 4.495 48 0
                                                                              com.parasoft:parabank 389 1.165 4.495 48 0

                                                                        + Number of Methods in Types (METRIC.NOMIT) 68 5.721 5.104 23 0
                                                                                com.parasoft:parabank 68 5.721 5.104 23 0

                                                                          + Parameters of Methods (METRIC.NOPAR) 389 0.756 1.026 9 0
                                                                                  com.parasoft:parabank 389 0.756 1.026 9 0

                                                                            + Physical Lines in Files (METRIC.NOPLIF) 67 59.478 56.081 277 9
                                                                                    com.parasoft:parabank 67 59.478 56.081 277 9

                                                                              + Physical Lines in Methods (METRIC.NOPLIM) 389 6.46 9.709 116 1
                                                                                      com.parasoft:parabank 389 6.46 9.709 116 1

                                                                                + Physical Lines in Types (METRIC.NOPLIT) 68 53.265 54.212 265 3
                                                                                        com.parasoft:parabank 68 53.265 54.212 265 3

                                                                                  + Private Members of Types (METRIC.NOPRIVMIT) 68 1.926 2.783 18 0
                                                                                          com.parasoft:parabank 68 1.926 2.783 18 0

                                                                                    + Protected Members of Types (METRIC.NOPROTMIT) 68 0.353 1.337 8 0
                                                                                            com.parasoft:parabank 68 0.353 1.337 8 0

                                                                                      + Public Members of Types (METRIC.NOPUBMIT) 68 4.574 5.177 20 0
                                                                                              com.parasoft:parabank 68 4.574 5.177 20 0

                                                                                        + Number of Returns in Methods (METRIC.NORET) 389 0.424 0.562 3 0
                                                                                                com.parasoft:parabank 389 0.424 0.562 3 0

                                                                                          + Source Lines in Files (METRIC.NOSLIF) 67 35.239 44.743 248 4
                                                                                                  com.parasoft:parabank 67 35.239 44.743 248 4

                                                                                            + Source Lines in Methods (METRIC.NOSLIM) 389 4.504 8.824 100 1
                                                                                                    com.parasoft:parabank 389 4.504 8.824 100 1

                                                                                              + Source Lines in Types (METRIC.NOSLIT) 68 31.662 43.045 239 3
                                                                                                      com.parasoft:parabank 68 31.662 43.045 239 3

                                                                                                + Number of Types (METRIC.NOT) 68 1 0 1 1
                                                                                                        com.parasoft:parabank 68 1 0 1 1

                                                                                                  + Response for Class (METRIC.RFC) 68 11.647 18.955 95 0
                                                                                                          com.parasoft:parabank 68 11.647 18.955 95 0

                                                                                                    + Strict Cyclomatic Complexity (METRIC.SCC) 389 1.237 1.029 10 1
                                                                                                            com.parasoft:parabank 389 1.237 1.029 10 1

                                                                                                      + Weighted Methods of Class (METRIC.WMC) 68 7.074 7.509 29 0
                                                                                                              com.parasoft:parabank 68 7.074 7.509 29 0



                                                                                                      Setup Problems
                                                                                                      Back to Top    


                                                                                                      [ERROR]  Project compilation problems:
                                                                                                      Project 'com.parasoft:parabank' contains compilation problems
                                                                                                      [WARNING]  Compilation setup problems:
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore2\CartService.java:11: The import javax.jws cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore2\DB.java:11: org.slf4j cannot be resolved to a type
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore2\ICartService.java:3: The import javax.jws cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore2\KeystorePasswordCallback.java:9: The import org.apache cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\CartService.java:11: The import javax.jws cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\DB.java:10: org.slf4j cannot be resolved to a type
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\ICartService.java:3: The import javax.jws cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\jdbc\JdbcBookstoreDao.java:6: The import org.slf4j cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\KeystorePasswordCallback.java:9: The import org.apache cannot be resolved
                                                                                                      
                                                                                                      Compilation error during Static Analysis:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank\src\main\java\com\parasoft\bookstore\UsernameTokenPasswordCallback.java:9: The import org.apache cannot be resolved
                                                                                                      
                                                                                                      ...
                                                                                                      [WARNING]  Configuration setup problems:
                                                                                                      The METRICS rule category is deprecated. Consider enabling code metrics in your test configuration.
                                                                                                      The rule CODSTA.BP.PPAC has been removed. You can obtain similar results by enabling OPT.AAM in your test configuration.
                                                                                                      The rule HIBERNATE.CHS has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule HIBERNATE.CSF has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule JDBC.CDBC has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule JDBC.RRWD has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule OPT.CCR has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule OPT.CIO has been deprecated and should be replaced with BD.RES.LEAKS in your test configuration.
                                                                                                      The rule PB.RE.PNPD has been deprecated and should be replaced with BD.EXCEPT.NP in your test configuration.
                                                                                                      The rule PB.USC.CC has been deprecated and should be replaced with BD.PB.CC in your test configuration.
                                                                                                      [INFO]  The following dependencies do not exist:
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank/lib/junit-4.13.2.jar
                                                                                                      C:\jenkins\workspace\cicd.findings.jtest.parabank/lib/servlet-api-2.4.jar


                                                                                                      Test Parameters

                                                                                                      jtestcli -config jtest_settings.properties -data parabank.data.json -settings localsettings.properties -report build/reports/jtest/static